diff options
140 files changed, 1504 insertions, 624 deletions
@@ -1,3 +1,821 @@ +Changes in version 0.4.4.9 - 2021-06-14 + Tor 0.4.4.9 fixes several security issues, including a + denial-of-service attack against onion service clients, and another + denial-of-service attack against relays. Everybody should upgrade to + one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5. + + Note that the scheduled end-of-life date for the Tor 0.4.4.x series is + June 15. This is therefore the last release in its series. Everybody + still running 0.4.4.x should plan to upgrade to 0.4.5.x or later. + + o Major bugfixes (security, backport from 0.4.6.5): + - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on + half-closed streams. Previously, clients failed to validate which + hop sent these cells: this would allow a relay on a circuit to end + a stream that wasn't actually built with it. Fixes bug 40389; + bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- + 003 and CVE-2021-34548. + + o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5): + - Detect more failure conditions from the OpenSSL RNG code. + Previously, we would detect errors from a missing RNG + implementation, but not failures from the RNG code itself. + Fortunately, it appears those failures do not happen in practice + when Tor is using OpenSSL's default RNG implementation. Fixes bug + 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as + TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. + + o Major bugfixes (security, denial of service, backport from 0.4.6.5): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look + up circuits in a circuitmux object. An attacker could exploit this + to construct circuits with chosen circuit IDs, to create + collisions and make the hash table inefficient. Now we use a + SipHash construction here instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and + CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. + - Fix an out-of-bounds memory access in v3 onion service descriptor + parsing. An attacker could exploit this bug by crafting an onion + service descriptor that would crash any client that tried to visit + it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also + tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei + Glazunov from Google's Project Zero. + + o Minor features (compatibility, backport from 0.4.6.4-rc): + - Remove an assertion function related to TLS renegotiation. It was + used nowhere outside the unit tests, and it was breaking + compilation with recent alpha releases of OpenSSL 3.0.0. Closes + ticket 40399. + + o Minor features (fallback directory list, backport from 0.4.6.2-alpha): + - Regenerate the list of fallback directories to contain a new set + of 200 relays. Closes ticket 40265. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/06/10. + + o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha): + - Fix a non-fatal BUG() message due to a too-early free of a string, + when listing a client connection from the DoS defenses subsystem. + Fixes bug 40345; bugfix on 0.4.3.4-rc. + + o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc): + - Fix an indentation problem that led to a warning from GCC 11.1.1. + Fixes bug 40380; bugfix on 0.3.0.1-alpha. + + +Changes in version 0.4.4.8 - 2021-03-16 + Tor 0.4.4.8 backports fixes for two important denial-of-service bugs + in earlier versions of Tor. + + One of these vulnerabilities (TROVE-2021-001) would allow an attacker + who can send directory data to a Tor instance to force that Tor + instance to consume huge amounts of CPU. This is easiest to exploit + against authorities, since anybody can upload to them, but directory + caches could also exploit this vulnerability against relays or clients + when they download. The other vulnerability (TROVE-2021-002) only + affects directory authorities, and would allow an attacker to remotely + crash the authority with an assertion failure. Patches have already + been provided to the authority operators, to help ensure + network stability. + + We recommend that everybody upgrade to one of the releases that fixes + these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available + to you. + + This release also updates our GeoIP data source, and fixes a + compatibility issue. + + o Major bugfixes (security, denial of service, backport from 0.4.5.7): + - Disable the dump_desc() function that we used to dump unparseable + information to disk. It was called incorrectly in several places, + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021- + 001 and CVE-2021-28089. + - Fix a bug in appending detached signatures to a pending consensus + document that could be used to crash a directory authority. Fixes + bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002 + and CVE-2021-28090. + + o Minor features (geoip data, backport from 0.4.5.7): + - We have switched geoip data sources. Previously we shipped IP-to- + country mappings from Maxmind's GeoLite2, but in 2019 they changed + their licensing terms, so we were unable to update them after that + point. We now ship geoip files based on the IPFire Location + Database instead. (See https://location.ipfire.org/ for more + information). This release updates our geoip files to match the + IPFire Location Database as retrieved on 2021/03/12. Closes + ticket 40224. + + o Removed features (mallinfo deprecated, backport from 0.4.5.7): + - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. + Closes ticket 40309. + + +Changes in version 0.4.4.7 - 2021-02-03 + Tor 0.4.4.7 backports numerous bugfixes from later releases, + including one that made v3 onion services more susceptible to + denial-of-service attacks, and a feature that makes some kinds of + DoS attacks harder to perform. + + o Major bugfixes (onion service v3, backport from 0.4.5.3-rc): + - Stop requiring a live consensus for v3 clients and services, and + allow a "reasonably live" consensus instead. This allows v3 onion + services to work even if the authorities fail to generate a + consensus for more than 2 hours in a row. Fixes bug 40237; bugfix + on 0.3.5.1-alpha. + + o Major feature (exit, backport from 0.4.5.5-rc): + - Re-entry into the network is now denied at the Exit level to all + relays' ORPorts and authorities' ORPorts and DirPorts. This change + should help mitgate a set of denial-of-service attacks. Closes + ticket 2667. + + o Minor feature (build system, backport from 0.4.5.4-rc): + - New "make lsp" command to generate the compile_commands.json file + used by the ccls language server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (compilation, backport from 0.4.5.2-rc): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or + later. There are a number of APIs newly deprecated in OpenSSL + 3.0.0 that Tor still requires. (A later version of Tor will try to + stop depending on these APIs.) Closes ticket 40165. + + o Minor features (crypto, backport from 0.4.5.3-rc): + - Fix undefined behavior on our Keccak library. The bug only + appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) + and would result in wrong digests. Fixes bug 40210; bugfix on + 0.2.8.1-alpha. Thanks to Bernhard Ãœbelacker, Arnd Bergmann and + weasel for diagnosing this. + + o Minor bugfixes (compatibility, backport from 0.4.5.1-rc): + - Strip '\r' characters when reading text files on Unix platforms. + This should resolve an issue where a relay operator migrates a + relay from Windows to Unix, but does not change the line ending of + Tor's various state files to match the platform, and the CRLF line + endings from Windows end up leaking into other files such as the + extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. + + o Minor bugfixes (compilation, backport from 0.4.5.3-rc): + - Fix a compilation warning about unreachable fallthrough + annotations when building with "--enable-all-bugs-are-fatal" on + some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc): + - Handle partial SOCKS5 messages correctly. Previously, our code + would send an incorrect error message if it got a SOCKS5 request + that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.5.2-alpha): + - Fix the `config/parse_tcp_proxy_line` test so that it works + correctly on systems where the DNS provider hijacks invalid + queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib + provided by Python 3.9. Fixes part of bug 40179; bugfix + on 0.3.1.6-rc. + - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL + 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. + + +Changes in version 0.4.4.6 - 2020-11-12 + Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It + backports fixes from later releases, including a fix for TROVE-2020- + 005, a security issue that could be used, under certain cases, by an + adversary to observe traffic patterns on a limited number of circuits + intended for a different relay. + + o Major bugfixes (security, backport from 0.4.5.1-alpha): + - When completing a channel, relays now check more thoroughly to + make sure that it matches any pending circuits before attaching + those circuits. Previously, address correctness and Ed25519 + identities were not checked in this case, but only when extending + circuits on an existing channel. Fixes bug 40080; bugfix on + 0.2.7.2-alpha. Resolves TROVE-2020-005. + + o Minor features (directory authorities, backport from 0.4.5.1-alpha): + - Authorities now list a different set of protocols as required and + recommended. These lists have been chosen so that only truly + recommended and/or required protocols are included, and so that + clients using 0.2.9 or later will continue to work (even though + they are not supported), whereas only relays running 0.3.5 or + later will meet the requirements. Closes ticket 40162. + - Make it possible to specify multiple ConsensusParams torrc lines. + Now directory authority operators can for example put the main + ConsensusParams config in one torrc file and then add to it from a + different torrc file. Closes ticket 40164. + + o Minor features (subprotocol versions, backport from 0.4.5.1-alpha): + - Tor no longer allows subprotocol versions larger than 63. + Previously version numbers up to UINT32_MAX were allowed, which + significantly complicated our code. Implements proposal 318; + closes ticket 40133. + + o Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha): + - Fix a rendezvous cache unit test that was triggering an underflow + on the global rend cache allocation. Fixes bug 40125; bugfix + on 0.2.8.1-alpha. + - Fix another rendezvous cache unit test that was triggering an + underflow on the global rend cache allocation. Fixes bug 40126; + bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (compilation, backport from 0.4.5.1-alpha): + - Fix compiler warnings that would occur when building with + "--enable-all-bugs-are-fatal" and "--disable-module-relay" at the + same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha. + - Resolve a compilation warning that could occur in + test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (logging, backport from 0.4.5.1-alpha): + - Remove a debug logging statement that uselessly spammed the logs. + Fixes bug 40135; bugfix on 0.3.5.0-alpha. + + o Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha): + - Avoid a fatal assert() when failing to create a listener + connection for an address that was in use. Fixes bug 40073; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (v2 onion services, backport from 0.4.5.1-alpha): + - For HSFETCH commands on v2 onion services addresses, check the + length of bytes decoded, not the base32 length. Fixes bug 34400; + bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan. + + +Changes in version 0.4.4.5 - 2020-09-15 + Tor 0.4.4.5 is the first stable release in the 0.4.4.x series. This + series improves our guard selection algorithms, adds v3 onion balance + support, improves the amount of code that can be disabled when running + without relay support, and includes numerous small bugfixes and + enhancements. It also lays the ground for some IPv6 features that + we'll be developing more in the next (0.4.5) series. + + Per our support policy, we support each stable release series for nine + months after its first stable release, or three months after the first + stable release of the next series: whichever is longer. This means + that 0.4.4.x will be supported until around June 2021--or later, if + 0.4.5.x is later than anticipated. + + Note also that support for 0.4.2.x has just ended; support for 0.4.3 + will continue until Feb 15, 2021. We still plan to continue supporting + 0.3.5.x, our long-term stable series, until Feb 2022. + + Below are the changes since 0.4.4.4-rc. For a complete list of changes + since 0.4.3.6, see the ReleaseNotes file. + + o Major bugfixes (onion services, DoS): + - Correct handling of parameters for the onion service DoS defense. + Previously, the consensus parameters for the onion service DoS + defenses were overwriting the parameters set by the service + operator using HiddenServiceEnableIntroDoSDefense. Fixes bug + 40109; bugfix on 0.4.2.1-alpha. + + o Major bugfixes (stats, onion services): + - Fix a bug where we were undercounting the Tor network's total + onion service traffic, by ignoring any traffic originating from + clients. Now we count traffic from both clients and services. + Fixes bug 40117; bugfix on 0.2.6.2-alpha. + + o Minor features (control port): + - If a ClientName was specified in ONION_CLIENT_AUTH_ADD for an + onion service, display it when we use ONION_CLIENT_AUTH_VIEW. + Closes ticket 40089. Patch by Neel Chauhan. + + o Minor features (denial-of-service memory limiter): + - Allow the user to configure even lower values for the + MaxMemInQueues parameter. Relays now enforce a minimum of 64 MB, + when previously the minimum was 256 MB. On clients, there is no + minimum. Relays and clients will both warn if the value is set so + low that Tor is likely to stop working. Closes ticket 24308. + + o Minor features (tests): + - Our "make check" target now runs the unit tests in 8 parallel + chunks. Doing this speeds up hardened CI builds by more than a + factor of two. Closes ticket 40098. + + o Minor bugfixes (guard selection algorithm): + - Avoid needless guard-related warning when upgrading from 0.4.3 to + 0.4.4. Fixes bug 40105; bugfix on 0.4.4.1-alpha. + + o Minor bugfixes (tests): + - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run + on its own. Previously, it would exit with an error. Fixes bug + 40099; bugfix on 0.2.8.1-alpha. + + +Changes in version 0.4.4.4-rc - 2020-08-13 + Tor 0.4.4.4-rc is the first release candidate in its series. It fixes + several bugs in previous versions, including some that caused annoying + behavior for relay and bridge operators. + + o Minor features (security): + - Channels using obsolete versions of the Tor link protocol are no + longer allowed to circumvent address-canonicity checks. (This is + only a minor issue, since such channels have no way to set ed25519 + keys, and therefore should always be rejected for circuits that + specify ed25519 identities.) Closes ticket 40081. + + o Minor features (defense in depth): + - Wipe more data from connection address fields before returning + them to the memory heap. Closes ticket 6198. + + o Minor bugfixes (correctness, buffers): + - Fix a correctness bug that could cause an assertion failure if we + ever tried using the buf_move_all() function with an empty input + buffer. As far as we know, no released versions of Tor do this. + Fixes bug 40076; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox): + - Fix startup crash with seccomp sandbox enabled when tor tries to + open the data directory. Patch from Daniel Pinto. Fixes bug 40072; + bugfix on 0.4.4.3-alpha-dev. + + o Minor bugfixes (onion service v3): + - Remove a BUG() warning that could trigger in certain unlikely + edge-cases. Fixes bug 34086; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (rate limiting, bridges, pluggable transports): + - On a bridge, treat all connections from an ExtORPort as remote by + default for the purposes of rate-limiting. Previously, bridges + would treat the connection as local unless they explicitly + received a "USERADDR" command. ExtORPort connections still count + as local if there is a USERADDR command with an explicit local + address. Fixes bug 33747; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (relay, self-testing): + - When starting up as a relay, if we haven't been able to verify + that we're reachable, only launch reachability tests at most once + a minute. Previously, we had been launching tests up to once a + second, which was needlessly noisy. Fixes bug 40083; bugfix + on 0.2.8.1-alpha. + + o Minor bugfixes (testing): + - When running the subsystem order check, use the Python binary + configured with the PYTHON environment variable. Fixes bug 40095; + bugfix on 0.4.4.1-alpha. + + o Minor bugfixes (windows): + - Fix a bug that prevented Tor from starting if its log file grew + above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha. + + +Changes in version 0.4.4.3-alpha - 2020-07-27 + Tor 0.4.4.3-alpha fixes several annoyances in previous versions, + including one affecting NSS users, and several affecting the Linux + seccomp2 sandbox. + + o Major features (fallback directory list): + - Replace the 148 fallback directories originally included in Tor + 0.4.1.4-rc (of which around 105 are still functional) with a list + of 144 fallbacks generated in July 2020. Closes ticket 40061. + + o Major bugfixes (NSS): + - When running with NSS enabled, make sure that NSS knows to expect + nonblocking sockets. Previously, we set our TCP sockets as + nonblocking, but did not tell NSS, which in turn could lead to + unexpected blocking behavior. Fixes bug 40035; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox): + - Fix a regression on sandboxing rules for the openat() syscall. The + fix for bug 25440 fixed the problem on systems with glibc >= 2.27 + but broke with versions of glibc. We now choose a rule based on + the glibc version. Patch from Daniel Pinto. Fixes bug 27315; + bugfix on 0.3.5.11. + - Makes the seccomp sandbox allow the correct syscall for opendir + according to the running glibc version. This fixes crashes when + reloading torrc with sandbox enabled when running on glibc 2.15 to + 2.21 and 2.26. Patch from Daniel Pinto. Fixes bug 40020; bugfix + on 0.3.5.11. + + o Minor bugfixes (relay, usability): + - Adjust the rules for when to warn about having too many + connections to other relays. Previously we'd tolerate up to 1.5 + connections per relay on average. Now we tolerate more connections + for directory authorities, and raise the number of total + connections we need to see before we warn. Fixes bug 33880; bugfix + on 0.3.1.1-alpha. + + o Documentation: + - Replace most http:// URLs in our code and documentation with + https:// URLs. (We have left unchanged the code in src/ext/, and + the text in LICENSE.) Closes ticket 31812. Patch from Jeremy Rand. + + o Removed features: + - Our "check-local" test target no longer tries to use the + Coccinelle semantic patching tool parse all the C files. While it + is a good idea to try to make sure Coccinelle works on our C + before we run a Coccinelle patch, doing so on every test run has + proven to be disruptive. You can still run this tool manually with + "make check-cocci". Closes ticket 40030. + + +Changes in version 0.4.4.2-alpha - 2020-07-09 + This is the second alpha release in the 0.4.4.x series. It fixes a few + bugs in the previous release, and solves a few usability, + compatibility, and portability issues. + + This release also fixes TROVE-2020-001, a medium-severity denial of + service vulnerability affecting all versions of Tor when compiled with + the NSS encryption library. (This is not the default configuration.) + Using this vulnerability, an attacker could cause an affected Tor + instance to crash remotely. This issue is also tracked as CVE-2020- + 15572. Anybody running a version of Tor built with the NSS library + should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha + or later. + + o Major bugfixes (NSS, security): + - Fix a crash due to an out-of-bound memory access when Tor is + compiled with NSS support. Fixes bug 33119; bugfix on + 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 + and CVE-2020-15572. + + o Minor features (bootstrap reporting): + - Report more detailed reasons for bootstrap failure when the + failure happens due to a TLS error. Previously we would just call + these errors "MISC" when they happened during read, and "DONE" + when they happened during any other TLS operation. Closes + ticket 32622. + + o Minor features (directory authority): + - Authorities now recommend the protocol versions that are supported + by Tor 0.3.5 and later. (Earlier versions of Tor have been + deprecated since January of this year.) This recommendation will + cause older clients and relays to give a warning on startup, or + when they download a consensus directory. Closes ticket 32696. + + o Minor features (entry guards): + - Reinstate support for GUARD NEW/UP/DOWN control port events. + Closes ticket 40001. + + o Minor features (linux seccomp2 sandbox, portability): + - Allow Tor to build on platforms where it doesn't know how to + report which syscall caused the linux seccomp2 sandbox to fail. + This change should make the sandbox code more portable to less + common Linux architectures. Closes ticket 34382. + - Permit the unlinkat() syscall, which some Libc implementations use + to implement unlink(). Closes ticket 33346. + + o Minor bugfix (CI, Windows): + - Use the correct 64-bit printf format when compiling with MINGW on + Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha. + + o Minor bugfix (onion service v3 client): + - Remove a BUG() warning that could occur naturally. Fixes bug + 34087; bugfix on 0.3.2.1-alpha. + + o Minor bugfix (SOCKS, onion service client): + - Detect v3 onion service addresses of the wrong length when + returning the F6 ExtendedErrors code. Fixes bug 33873; bugfix + on 0.4.3.1-alpha. + + o Minor bugfixes (compiler warnings): + - Fix a compiler warning on platforms with 32-bit time_t values. + Fixes bug 40028; bugfix on 0.3.2.8-rc. + + o Minor bugfixes (control port, onion service): + - Consistently use 'address' in "Invalid v3 address" response to + ONION_CLIENT_AUTH commands. Previously, we would sometimes say + 'addr'. Fixes bug 40005; bugfix on 0.4.3.1-alpha. + + o Minor bugfixes (logging): + - Downgrade a noisy log message that could occur naturally when + receiving an extrainfo document that we no longer want. Fixes bug + 16016; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (onion services v3): + - Avoid a non-fatal assertion failure in certain edge-cases when + opening an intro circuit as a client. Fixes bug 34084; bugfix + on 0.3.2.1-alpha. + + o Deprecated features (onion service v2): + - Add a deprecation warning for version 2 onion services. Closes + ticket 40003. + + o Removed features (IPv6, revert): + - Revert the change in the default value of ClientPreferIPv6OrPort: + it breaks the torsocks use case. The SOCKS resolve command has no + mechanism to ask for a specific address family (v4 or v6), and so + prioritizing IPv6 when an IPv4 address is requested on the SOCKS + interface resulted in a failure. Tor Browser explicitly sets + PreferIPv6, so this should not affect the majority of our users. + Closes ticket 33796; bugfix on 0.4.4.1-alpha. + + +Changes in version 0.4.4.1-alpha - 2020-06-16 + This is the first alpha release in the 0.4.4.x series. It improves + our guard selection algorithms, improves the amount of code that + can be disabled when running without relay support, and includes numerous + small bugfixes and enhancements. It also lays the ground for some IPv6 + features that we'll be developing more in the next (0.4.5) series. + + Here are the changes since 0.4.3.5. + + o Major features (Proposal 310, performance + security): + - Implements Proposal 310, "Bandaid on guard selection". Proposal + 310 solves load-balancing issues with older versions of the guard + selection algorithm, and improves its security. Under this new + algorithm, a newly selected guard never becomes Primary unless all + previously sampled guards are unreachable. Implements + recommendation from 32088. (Proposal 310 is linked to the CLAPS + project researching optimal client location-aware path selections. + This project is a collaboration between the UCLouvain Crypto Group, + the U.S. Naval Research Laboratory, and Princeton University.) + + o Major features (IPv6, relay): + - Consider IPv6-only EXTEND2 cells valid on relays. Log a protocol + warning if the IPv4 or IPv6 address is an internal address, and + internal addresses are not allowed. But continue to use the other + address, if it is valid. Closes ticket 33817. + - If a relay can extend over IPv4 and IPv6, and both addresses are + provided, it chooses between them uniformly at random. Closes + ticket 33817. + - Re-use existing IPv6 connections for circuit extends. Closes + ticket 33817. + - Relays may extend circuits over IPv6, if the relay has an IPv6 + ORPort, and the client supplies the other relay's IPv6 ORPort in + the EXTEND2 cell. IPv6 extends will be used by the relay IPv6 + ORPort self-tests in 33222. Closes ticket 33817. + + o Major features (v3 onion services): + - Allow v3 onion services to act as OnionBalance backend instances, + by using the HiddenServiceOnionBalanceInstance torrc option. + Closes ticket 32709. + + o Minor feature (developer tools): + - Add a script to help check the alphabetical ordering of option + names in the manual page. Closes ticket 33339. + + o Minor feature (onion service client, SOCKS5): + - Add 3 new SocksPort ExtendedErrors (F2, F3, F7) that reports back + new type of onion service connection failures. The semantics of + these error codes are documented in proposal 309. Closes + ticket 32542. + + o Minor feature (onion service v3): + - If a service cannot upload its descriptor(s), log why at INFO + level. Closes ticket 33400; bugfix on 0.3.2.1-alpha. + + o Minor feature (python scripts): + - Stop assuming that /usr/bin/python exists. Instead of using a + hardcoded path in scripts that still use Python 2, use + /usr/bin/env, similarly to the scripts that use Python 3. Fixes + bug 33192; bugfix on 0.4.2. + + o Minor features (client-only compilation): + - Disable more code related to the ext_orport protocol when + compiling without support for relay mode. Closes ticket 33368. + - Disable more of our self-testing code when support for relay mode + is disabled. Closes ticket 33370. + + o Minor features (code safety): + - Check for failures of tor_inet_ntop() and tor_inet_ntoa() + functions in DNS and IP address processing code, and adjust + codepaths to make them less likely to crash entire Tor instances. + Resolves issue 33788. + + o Minor features (compilation size): + - Most server-side DNS code is now disabled when building without + support for relay mode. Closes ticket 33366. + + o Minor features (continuous integration): + - Run unit-test and integration test (Stem, Chutney) jobs with + ALL_BUGS_ARE_FATAL macro being enabled on Travis and Appveyor. + Resolves ticket 32143. + + o Minor features (control port): + - Return a descriptive error message from the 'GETINFO status/fresh- + relay-descs' command on the control port. Previously, we returned + a generic error of "Error generating descriptor". Closes ticket + 32873. Patch by Neel Chauhan. + + o Minor features (developer tooling): + - Refrain from listing all .a files that are generated by the Tor + build in .gitignore. Add a single wildcard *.a entry that covers + all of them for present and future. Closes ticket 33642. + - Add a script ("git-install-tools.sh") to install git hooks and + helper scripts. Closes ticket 33451. + + o Minor features (directory authority, shared random): + - Refactor more authority-only parts of the shared-random scheduling + code to reside in the dirauth module, and to be disabled when + compiling with --disable-module-dirauth. Closes ticket 33436. + + o Minor features (directory): + - Remember the number of bytes we have downloaded for each directory + purpose while bootstrapping, and while fully bootstrapped. Log + this information as part of the heartbeat message. Closes + ticket 32720. + + o Minor features (IPv6 support): + - Adds IPv6 support to tor_addr_is_valid(). Adds tests for the above + changes and tor_addr_is_null(). Closes ticket 33679. Patch + by MrSquanchee. + - Allow clients and relays to send dual-stack and IPv6-only EXTEND2 + cells. Parse dual-stack and IPv6-only EXTEND2 cells on relays. + Closes ticket 33901. + + o Minor features (logging): + - When trying to find our own address, add debug-level logging to + report the sources of candidate addresses. Closes ticket 32888. + + o Minor features (testing, architecture): + - Our test scripts now double-check that subsystem initialization + order is consistent with the inter-module dependencies established + by our .may_include files. Implements ticket 31634. + - Initialize all subsystems at the beginning of our unit test + harness, to avoid crashes due to uninitialized subsystems. Follow- + up from ticket 33316. + + o Minor features (v3 onion services): + - Add v3 onion service status to the dumpstats() call which is + triggered by a SIGUSR1 signal. Previously, we only did v2 onion + services. Closes ticket 24844. Patch by Neel Chauhan. + + o Minor features (windows): + - Add support for console control signals like Ctrl+C in Windows. + Closes ticket 34211. Patch from Damon Harris (TheDcoder). + + o Minor bugfix (onion service v3): + - Prevent an assert() that would occur when cleaning the client + descriptor cache, and attempting to close circuits for a non- + decrypted descriptor (lacking client authorization). Fixes bug + 33458; bugfix on 0.4.2.1-alpha. + + o Minor bugfix (refactoring): + - Lift circuit_build_times_disabled() out of the + circuit_expire_building() loop, to save CPU time when there are + many circuits open. Fixes bug 33977; bugfix on 0.3.5.9. + + o Minor bugfixes (client performance): + - Resume use of preemptively-built circuits when UseEntryGuards is set + to 0. We accidentally disabled this feature with that config + setting, leading to slower load times. Fixes bug 34303; bugfix + on 0.3.3.2-alpha. + + o Minor bugfixes (directory authorities): + - Directory authorities now reject votes that arrive too late. In + particular, once an authority has started fetching missing votes, + it no longer accepts new votes posted by other authorities. This + change helps prevent a consensus split, where only some authorities + have the late vote. Fixes bug 4631; bugfix on 0.2.0.5-alpha. + + o Minor bugfixes (git scripts): + - Stop executing the checked-out pre-commit hook from the pre-push + hook. Instead, execute the copy in the user's git directory. Fixes + bug 33284; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (initialization): + - Initialize the subsystems in our code in an order more closely + corresponding to their dependencies, so that every system is + initialized before the ones that (theoretically) depend on it. + Fixes bug 33316; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (IPv4, relay): + - Check for invalid zero IPv4 addresses and ports when sending and + receiving extend cells. Fixes bug 33900; bugfix on 0.2.4.8-alpha. + + o Minor bugfixes (IPv6, relay): + - Consider IPv6 addresses when checking if a connection is + canonical. In 17604, relays assumed that a remote relay could + consider an IPv6 connection canonical, but did not set the + canonical flag on their side of the connection. Fixes bug 33899; + bugfix on 0.3.1.1-alpha. + - Log IPv6 addresses on connections where this relay is the + responder. Previously, responding relays would replace the remote + IPv6 address with the IPv4 address from the consensus. Fixes bug + 33899; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (linux seccomp sandbox nss): + - Fix a startup crash when tor is compiled with --enable-nss and + sandbox support is enabled. Fixes bug 34130; bugfix on + 0.3.5.1-alpha. Patch by Daniel Pinto. + + o Minor bugfixes (logging, testing): + - Make all of tor's assertion macros support the ALL_BUGS_ARE_FATAL + and DISABLE_ASSERTS_IN_UNIT_TESTS debugging modes. (IF_BUG_ONCE() + used to log a non-fatal warning, regardless of the debugging + mode.) Fixes bug 33917; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (logs): + - Remove surprising empty line in the INFO-level log about circuit + build timeout. Fixes bug 33531; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (mainloop): + - Better guard against growing a buffer past its maximum 2GB in + size. Fixes bug 33131; bugfix on 0.3.0.4-rc. + + o Minor bugfixes (manual page): + - Update the man page to reflect that MinUptimeHidServDirectoryV2 + defaults to 96 hours. Fixes bug 34299; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (onion service v3, client): + - Remove a BUG() that was causing a stacktrace when a descriptor + changed at an unexpected time. Fixes bug 28992; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (onion service, logging): + - Fix a typo in a log message PublishHidServDescriptors is set to 0. + Fixes bug 33779; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (portability): + - Fix a portability error in the configure script, where we were + using "==" instead of "=". Fixes bug 34233; bugfix on 0.4.3.5. + + o Minor bugfixes (protocol versions): + - Sort tor's supported protocol version lists, as recommended by the + tor directory specification. Fixes bug 33285; bugfix + on 0.4.0.1-alpha. + + o Minor bugfixes (relays): + - Stop advertising incorrect IPv6 ORPorts in relay and bridge + descriptors, when the IPv6 port was configured as "auto". Fixes + bug 32588; bugfix on 0.2.3.9-alpha. + + o Code simplification and refactoring: + - Define and use a new constant TOR_ADDRPORT_BUF_LEN which is like + TOR_ADDR_BUF_LEN but includes enough space for an IP address, + brackets, separating colon, and port number. Closes ticket 33956. + Patch by Neel Chauhan. + - Merge the orconn and ocirc events into the "core" subsystem, which + manages or connections and origin circuits. Previously they were + isolated in subsystems of their own. + - Move LOG_PROTOCOL_WARN to app/config. Resolves a dependency + inversion. Closes ticket 33633. + - Move the circuit extend code to the relay module. Split the + circuit extend function into smaller functions. Closes + ticket 33633. + - Rewrite port_parse_config() to use the default port flags from + port_cfg_new(). Closes ticket 32994. Patch by MrSquanchee. + - Updated comments in 'scheduler.c' to reflect old code changes, and + simplified the scheduler channel state change code. Closes + ticket 33349. + + o Documentation: + - Document the limitations of using %include on config files with + seccomp sandbox enabled. Fixes documentation bug 34133; bugfix on + 0.3.1.1-alpha. Patch by Daniel Pinto. + - Fix several doxygen warnings related to imbalanced groups. Closes + ticket 34255. + + o Removed features: + - Remove the ClientAutoIPv6ORPort option. This option attempted to + randomly choose between IPv4 and IPv6 for client connections, and + wasn't a true implementation of Happy Eyeballs. Often, this option + failed on IPv4-only or IPv6-only connections. Closes ticket 32905. + Patch by Neel Chauhan. + - Stop shipping contrib/dist/rc.subr file, as it is not being used + on FreeBSD anymore. Closes issue 31576. + + o Testing: + - Add a basic IPv6 test to "make test-network". This test only runs + when the local machine has an IPv6 stack. Closes ticket 33300. + - Add test-network-ipv4 and test-network-ipv6 jobs to the Makefile. + These jobs run the IPv4-only and dual-stack chutney flavours from + test-network-all. Closes ticket 33280. + - Remove a redundant distcheck job. Closes ticket 33194. + - Run the test-network-ipv6 Makefile target in the Travis CI IPv6 + chutney job. This job runs on macOS, so it's a bit slow. Closes + ticket 33303. + - Sort the Travis jobs in order of speed. Putting the slowest jobs + first takes full advantage of Travis job concurrency. Closes + ticket 33194. + - Stop allowing the Chutney IPv6 Travis job to fail. This job was + previously configured to fast_finish (which requires + allow_failure), to speed up the build. Closes ticket 33195. + - Test v3 onion services to tor's mixed IPv4 chutney network. And + add a mixed IPv6 chutney network. These networks are used in the + test-network-all, test-network-ipv4, and test-network-ipv6 make + targets. Closes ticket 33334. + - Use the "bridges+hs-v23" chutney network flavour in "make test- + network". This test requires a recent version of chutney (mid- + February 2020). Closes ticket 28208. + - When a Travis chutney job fails, use chutney's new "diagnostics.sh" + tool to produce detailed diagnostic output. Closes ticket 32792. + + o Code simplification and refactoring (onion service): + - Refactor configuration parsing to use the new config subsystem + code. Closes ticket 33014. + + o Code simplification and refactoring (relay address): + - Move a series of functions related to address resolving into their + own files. Closes ticket 33789. + + o Documentation (manual page): + - Add cross reference links and a table of contents to the HTML tor + manual page. Closes ticket 33369. Work by Swati Thacker as part of + Google Season of Docs. + - Alphabetize the Denial of Service Mitigation Options, Directory + Authority Server Options, Hidden Service Options, and Testing + Network Options sections of the tor(1) manual page. Closes ticket + 33275. Work by Swati Thacker as part of Google Season of Docs. + - Refrain from mentioning nicknames in manpage section for MyFamily + torrc option. Resolves issue 33417. + - Updated the options set by TestingTorNetwork in the manual page. + Closes ticket 33778. + + Changes in version 0.4.3.5 - 2020-05-15 Tor 0.4.3.5 is the first stable release in the 0.4.3.x series. This series adds support for building without relay code enabled, and diff --git a/ReleaseNotes b/ReleaseNotes index a572293c07..63b6ce9f93 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,692 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.4.4.9 - 2021-06-14 + Tor 0.4.4.9 fixes several security issues, including a + denial-of-service attack against onion service clients, and another + denial-of-service attack against relays. Everybody should upgrade to + one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5. + + Note that the scheduled end-of-life date for the Tor 0.4.4.x series is + June 15. This is therefore the last release in its series. Everybody + still running 0.4.4.x should plan to upgrade to 0.4.5.x or later. + + o Major bugfixes (security, backport from 0.4.6.5): + - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on + half-closed streams. Previously, clients failed to validate which + hop sent these cells: this would allow a relay on a circuit to end + a stream that wasn't actually built with it. Fixes bug 40389; + bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- + 003 and CVE-2021-34548. + + o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5): + - Detect more failure conditions from the OpenSSL RNG code. + Previously, we would detect errors from a missing RNG + implementation, but not failures from the RNG code itself. + Fortunately, it appears those failures do not happen in practice + when Tor is using OpenSSL's default RNG implementation. Fixes bug + 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as + TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. + + o Major bugfixes (security, denial of service, backport from 0.4.6.5): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look + up circuits in a circuitmux object. An attacker could exploit this + to construct circuits with chosen circuit IDs, to create + collisions and make the hash table inefficient. Now we use a + SipHash construction here instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and + CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. + - Fix an out-of-bounds memory access in v3 onion service descriptor + parsing. An attacker could exploit this bug by crafting an onion + service descriptor that would crash any client that tried to visit + it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also + tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei + Glazunov from Google's Project Zero. + + o Minor features (compatibility, backport from 0.4.6.4-rc): + - Remove an assertion function related to TLS renegotiation. It was + used nowhere outside the unit tests, and it was breaking + compilation with recent alpha releases of OpenSSL 3.0.0. Closes + ticket 40399. + + o Minor features (fallback directory list, backport from 0.4.6.2-alpha): + - Regenerate the list of fallback directories to contain a new set + of 200 relays. Closes ticket 40265. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/06/10. + + o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha): + - Fix a non-fatal BUG() message due to a too-early free of a string, + when listing a client connection from the DoS defenses subsystem. + Fixes bug 40345; bugfix on 0.4.3.4-rc. + + o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc): + - Fix an indentation problem that led to a warning from GCC 11.1.1. + Fixes bug 40380; bugfix on 0.3.0.1-alpha. + + +Changes in version 0.4.4.8 - 2021-03-16 + Tor 0.4.4.8 backports fixes for two important denial-of-service bugs + in earlier versions of Tor. + + One of these vulnerabilities (TROVE-2021-001) would allow an attacker + who can send directory data to a Tor instance to force that Tor + instance to consume huge amounts of CPU. This is easiest to exploit + against authorities, since anybody can upload to them, but directory + caches could also exploit this vulnerability against relays or clients + when they download. The other vulnerability (TROVE-2021-002) only + affects directory authorities, and would allow an attacker to remotely + crash the authority with an assertion failure. Patches have already + been provided to the authority operators, to help ensure + network stability. + + We recommend that everybody upgrade to one of the releases that fixes + these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available + to you. + + This release also updates our GeoIP data source, and fixes a + compatibility issue. + + o Major bugfixes (security, denial of service, backport from 0.4.5.7): + - Disable the dump_desc() function that we used to dump unparseable + information to disk. It was called incorrectly in several places, + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021- + 001 and CVE-2021-28089. + - Fix a bug in appending detached signatures to a pending consensus + document that could be used to crash a directory authority. Fixes + bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002 + and CVE-2021-28090. + + o Minor features (geoip data, backport from 0.4.5.7): + - We have switched geoip data sources. Previously we shipped IP-to- + country mappings from Maxmind's GeoLite2, but in 2019 they changed + their licensing terms, so we were unable to update them after that + point. We now ship geoip files based on the IPFire Location + Database instead. (See https://location.ipfire.org/ for more + information). This release updates our geoip files to match the + IPFire Location Database as retrieved on 2021/03/12. Closes + ticket 40224. + + o Removed features (mallinfo deprecated, backport from 0.4.5.7): + - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. + Closes ticket 40309. + + +Changes in version 0.4.4.7 - 2021-02-03 + Tor 0.4.4.7 backports numerous bugfixes from later releases, + including one that made v3 onion services more susceptible to + denial-of-service attacks, and a feature that makes some kinds of + DoS attacks harder to perform. + + o Major bugfixes (onion service v3, backport from 0.4.5.3-rc): + - Stop requiring a live consensus for v3 clients and services, and + allow a "reasonably live" consensus instead. This allows v3 onion + services to work even if the authorities fail to generate a + consensus for more than 2 hours in a row. Fixes bug 40237; bugfix + on 0.3.5.1-alpha. + + o Major feature (exit, backport from 0.4.5.5-rc): + - Re-entry into the network is now denied at the Exit level to all + relays' ORPorts and authorities' ORPorts and DirPorts. This change + should help mitgate a set of denial-of-service attacks. Closes + ticket 2667. + + o Minor feature (build system, backport from 0.4.5.4-rc): + - New "make lsp" command to generate the compile_commands.json file + used by the ccls language server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (compilation, backport from 0.4.5.2-rc): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or + later. There are a number of APIs newly deprecated in OpenSSL + 3.0.0 that Tor still requires. (A later version of Tor will try to + stop depending on these APIs.) Closes ticket 40165. + + o Minor features (crypto, backport from 0.4.5.3-rc): + - Fix undefined behavior on our Keccak library. The bug only + appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) + and would result in wrong digests. Fixes bug 40210; bugfix on + 0.2.8.1-alpha. Thanks to Bernhard Ãœbelacker, Arnd Bergmann and + weasel for diagnosing this. + + o Minor bugfixes (compatibility, backport from 0.4.5.1-rc): + - Strip '\r' characters when reading text files on Unix platforms. + This should resolve an issue where a relay operator migrates a + relay from Windows to Unix, but does not change the line ending of + Tor's various state files to match the platform, and the CRLF line + endings from Windows end up leaking into other files such as the + extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. + + o Minor bugfixes (compilation, backport from 0.4.5.3-rc): + - Fix a compilation warning about unreachable fallthrough + annotations when building with "--enable-all-bugs-are-fatal" on + some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc): + - Handle partial SOCKS5 messages correctly. Previously, our code + would send an incorrect error message if it got a SOCKS5 request + that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.5.2-alpha): + - Fix the `config/parse_tcp_proxy_line` test so that it works + correctly on systems where the DNS provider hijacks invalid + queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib + provided by Python 3.9. Fixes part of bug 40179; bugfix + on 0.3.1.6-rc. + - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL + 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. + + +Changes in version 0.4.4.6 - 2020-11-12 + Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It + backports fixes from later releases, including a fix for TROVE-2020- + 005, a security issue that could be used, under certain cases, by an + adversary to observe traffic patterns on a limited number of circuits + intended for a different relay. + + o Major bugfixes (security, backport from 0.4.5.1-alpha): + - When completing a channel, relays now check more thoroughly to + make sure that it matches any pending circuits before attaching + those circuits. Previously, address correctness and Ed25519 + identities were not checked in this case, but only when extending + circuits on an existing channel. Fixes bug 40080; bugfix on + 0.2.7.2-alpha. Resolves TROVE-2020-005. + + o Minor features (directory authorities, backport from 0.4.5.1-alpha): + - Authorities now list a different set of protocols as required and + recommended. These lists have been chosen so that only truly + recommended and/or required protocols are included, and so that + clients using 0.2.9 or later will continue to work (even though + they are not supported), whereas only relays running 0.3.5 or + later will meet the requirements. Closes ticket 40162. + - Make it possible to specify multiple ConsensusParams torrc lines. + Now directory authority operators can for example put the main + ConsensusParams config in one torrc file and then add to it from a + different torrc file. Closes ticket 40164. + + o Minor features (subprotocol versions, backport from 0.4.5.1-alpha): + - Tor no longer allows subprotocol versions larger than 63. + Previously version numbers up to UINT32_MAX were allowed, which + significantly complicated our code. Implements proposal 318; + closes ticket 40133. + + o Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha): + - Fix a rendezvous cache unit test that was triggering an underflow + on the global rend cache allocation. Fixes bug 40125; bugfix + on 0.2.8.1-alpha. + - Fix another rendezvous cache unit test that was triggering an + underflow on the global rend cache allocation. Fixes bug 40126; + bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (compilation, backport from 0.4.5.1-alpha): + - Fix compiler warnings that would occur when building with + "--enable-all-bugs-are-fatal" and "--disable-module-relay" at the + same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha. + - Resolve a compilation warning that could occur in + test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (logging, backport from 0.4.5.1-alpha): + - Remove a debug logging statement that uselessly spammed the logs. + Fixes bug 40135; bugfix on 0.3.5.0-alpha. + + o Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha): + - Avoid a fatal assert() when failing to create a listener + connection for an address that was in use. Fixes bug 40073; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (v2 onion services, backport from 0.4.5.1-alpha): + - For HSFETCH commands on v2 onion services addresses, check the + length of bytes decoded, not the base32 length. Fixes bug 34400; + bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan. + + +Changes in version 0.4.4.5 - 2020-09-15 + Tor 0.4.4.5 is the first stable release in the 0.4.4.x series. This + series improves our guard selection algorithms, adds v3 onion balance + support, improves the amount of code that can be disabled when running + without relay support, and includes numerous small bugfixes and + enhancements. It also lays the ground for some IPv6 features that + we'll be developing more in the next (0.4.5) series. + + Per our support policy, we support each stable release series for nine + months after its first stable release, or three months after the first + stable release of the next series: whichever is longer. This means + that 0.4.4.x will be supported until around June 2021--or later, if + 0.4.5.x is later than anticipated. + + Note also that support for 0.4.2.x has just ended; support for 0.4.3 + will continue until Feb 15, 2021. We still plan to continue supporting + 0.3.5.x, our long-term stable series, until Feb 2022. + + Below are the changes since 0.4.3.6-rc. For a complete list of changes + since 0.4.4.4-rc, see the ChangeLog file. + + o Major features (Proposal 310, performance + security): + - Implements Proposal 310, "Bandaid on guard selection". Proposal + 310 solves load-balancing issues with older versions of the guard + selection algorithm, and improves its security. Under this new + algorithm, a newly selected guard never becomes Primary unless all + previously sampled guards are unreachable. Implements + recommendation from 32088. (Proposal 310 is linked to the CLAPS + project researching optimal client location-aware path selections. + This project is a collaboration between the UCLouvain Crypto Group, + the U.S. Naval Research Laboratory, and Princeton University.) + + o Major features (fallback directory list): + - Replace the 148 fallback directories originally included in Tor + 0.4.1.4-rc (of which around 105 are still functional) with a list + of 144 fallbacks generated in July 2020. Closes ticket 40061. + + o Major features (IPv6, relay): + - Consider IPv6-only EXTEND2 cells valid on relays. Log a protocol + warning if the IPv4 or IPv6 address is an internal address, and + internal addresses are not allowed. But continue to use the other + address, if it is valid. Closes ticket 33817. + - If a relay can extend over IPv4 and IPv6, and both addresses are + provided, it chooses between them uniformly at random. Closes + ticket 33817. + - Re-use existing IPv6 connections for circuit extends. Closes + ticket 33817. + - Relays may extend circuits over IPv6, if the relay has an IPv6 + ORPort, and the client supplies the other relay's IPv6 ORPort in + the EXTEND2 cell. IPv6 extends will be used by the relay IPv6 + ORPort self-tests in 33222. Closes ticket 33817. + + o Major features (v3 onion services): + - Allow v3 onion services to act as OnionBalance backend instances, + by using the HiddenServiceOnionBalanceInstance torrc option. + Closes ticket 32709. + + o Major bugfixes (NSS): + - When running with NSS enabled, make sure that NSS knows to expect + nonblocking sockets. Previously, we set our TCP sockets as + nonblocking, but did not tell NSS, which in turn could lead to + unexpected blocking behavior. Fixes bug 40035; bugfix + on 0.3.5.1-alpha. + + o Major bugfixes (onion services, DoS): + - Correct handling of parameters for the onion service DoS defense. + Previously, the consensus parameters for the onion service DoS + defenses were overwriting the parameters set by the service + operator using HiddenServiceEnableIntroDoSDefense. Fixes bug + 40109; bugfix on 0.4.2.1-alpha. + + o Major bugfixes (stats, onion services): + - Fix a bug where we were undercounting the Tor network's total + onion service traffic, by ignoring any traffic originating from + clients. Now we count traffic from both clients and services. + Fixes bug 40117; bugfix on 0.2.6.2-alpha. + + o Minor features (security): + - Channels using obsolete versions of the Tor link protocol are no + longer allowed to circumvent address-canonicity checks. (This is + only a minor issue, since such channels have no way to set ed25519 + keys, and therefore should always be rejected for circuits that + specify ed25519 identities.) Closes ticket 40081. + + o Minor features (bootstrap reporting): + - Report more detailed reasons for bootstrap failure when the + failure happens due to a TLS error. Previously we would just call + these errors "MISC" when they happened during read, and "DONE" + when they happened during any other TLS operation. Closes + ticket 32622. + + o Minor features (client-only compilation): + - Disable more code related to the ext_orport protocol when + compiling without support for relay mode. Closes ticket 33368. + - Disable more of our self-testing code when support for relay mode + is disabled. Closes ticket 33370. + - Most server-side DNS code is now disabled when building without + support for relay mode. Closes ticket 33366. + + o Minor features (code safety): + - Check for failures of tor_inet_ntop() and tor_inet_ntoa() + functions in DNS and IP address processing code, and adjust + codepaths to make them less likely to crash entire Tor instances. + Resolves issue 33788. + + o Minor features (continuous integration): + - Run unit-test and integration test (Stem, Chutney) jobs with + ALL_BUGS_ARE_FATAL macro being enabled on Travis and Appveyor. + Resolves ticket 32143. + + o Minor features (control port): + - If a ClientName was specified in ONION_CLIENT_AUTH_ADD for an + onion service, display it when we use ONION_CLIENT_AUTH_VIEW. + Closes ticket 40089. Patch by Neel Chauhan. + - Return a descriptive error message from the 'GETINFO status/fresh- + relay-descs' command on the control port. Previously, we returned + a generic error of "Error generating descriptor". Closes ticket + 32873. Patch by Neel Chauhan. + + o Minor features (defense in depth): + - Wipe more data from connection address fields before returning + them to the memory heap. Closes ticket 6198. + + o Minor features (denial-of-service memory limiter): + - Allow the user to configure even lower values for the + MaxMemInQueues parameter. Relays now enforce a minimum of 64 MB, + when previously the minimum was 256 MB. On clients, there is no + minimum. Relays and clients will both warn if the value is set so + low that Tor is likely to stop working. Closes ticket 24308. + + o Minor features (developer tooling): + - Add a script to help check the alphabetical ordering of option + names in the manual page. Closes ticket 33339. + - Refrain from listing all .a files that are generated by the Tor + build in .gitignore. Add a single wildcard *.a entry that covers + all of them for present and future. Closes ticket 33642. + - Add a script ("git-install-tools.sh") to install git hooks and + helper scripts. Closes ticket 33451. + + o Minor features (directory authority): + - Authorities now recommend the protocol versions that are supported + by Tor 0.3.5 and later. (Earlier versions of Tor have been + deprecated since January of this year.) This recommendation will + cause older clients and relays to give a warning on startup, or + when they download a consensus directory. Closes ticket 32696. + + o Minor features (directory authority, shared random): + - Refactor more authority-only parts of the shared-random scheduling + code to reside in the dirauth module, and to be disabled when + compiling with --disable-module-dirauth. Closes ticket 33436. + + o Minor features (directory): + - Remember the number of bytes we have downloaded for each directory + purpose while bootstrapping, and while fully bootstrapped. Log + this information as part of the heartbeat message. Closes + ticket 32720. + + o Minor features (entry guards): + - Reinstate support for GUARD NEW/UP/DOWN control port events. + Closes ticket 40001. + + o Minor features (IPv6 support): + - Adds IPv6 support to tor_addr_is_valid(). Adds tests for the above + changes and tor_addr_is_null(). Closes ticket 33679. Patch + by MrSquanchee. + - Allow clients and relays to send dual-stack and IPv6-only EXTEND2 + cells. Parse dual-stack and IPv6-only EXTEND2 cells on relays. + Closes ticket 33901. + + o Minor features (linux seccomp2 sandbox, portability): + - Allow Tor to build on platforms where it doesn't know how to + report which syscall caused the linux seccomp2 sandbox to fail. + This change should make the sandbox code more portable to less + common Linux architectures. Closes ticket 34382. + - Permit the unlinkat() syscall, which some Libc implementations use + to implement unlink(). Closes ticket 33346. + + o Minor features (logging): + - When trying to find our own address, add debug-level logging to + report the sources of candidate addresses. Closes ticket 32888. + + o Minor features (onion service client, SOCKS5): + - Add 3 new SocksPort ExtendedErrors (F2, F3, F7) that reports back + new type of onion service connection failures. The semantics of + these error codes are documented in proposal 309. Closes + ticket 32542. + + o Minor features (onion service v3): + - If a service cannot upload its descriptor(s), log why at INFO + level. Closes ticket 33400; bugfix on 0.3.2.1-alpha. + + o Minor features (python scripts): + - Stop assuming that /usr/bin/python exists. Instead of using a + hardcoded path in scripts that still use Python 2, use + /usr/bin/env, similarly to the scripts that use Python 3. Fixes + bug 33192; bugfix on 0.4.2. + + o Minor features (testing, architecture): + - Our test scripts now double-check that subsystem initialization + order is consistent with the inter-module dependencies established + by our .may_include files. Implements ticket 31634. + - Initialize all subsystems at the beginning of our unit test + harness, to avoid crashes due to uninitialized subsystems. Follow- + up from ticket 33316. + - Our "make check" target now runs the unit tests in 8 parallel + chunks. Doing this speeds up hardened CI builds by more than a + factor of two. Closes ticket 40098. + + o Minor features (v3 onion services): + - Add v3 onion service status to the dumpstats() call which is + triggered by a SIGUSR1 signal. Previously, we only did v2 onion + services. Closes ticket 24844. Patch by Neel Chauhan. + + o Minor features (windows): + - Add support for console control signals like Ctrl+C in Windows. + Closes ticket 34211. Patch from Damon Harris (TheDcoder). + + o Minor bugfixes (control port, onion service): + - Consistently use 'address' in "Invalid v3 address" response to + ONION_CLIENT_AUTH commands. Previously, we would sometimes say + 'addr'. Fixes bug 40005; bugfix on 0.4.3.1-alpha. + + o Minor bugfixes (correctness, buffers): + - Fix a correctness bug that could cause an assertion failure if we + ever tried using the buf_move_all() function with an empty input + buffer. As far as we know, no released versions of Tor do this. + Fixes bug 40076; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (directory authorities): + - Directory authorities now reject votes that arrive too late. In + particular, once an authority has started fetching missing votes, + it no longer accepts new votes posted by other authorities. This + change helps prevent a consensus split, where only some authorities + have the late vote. Fixes bug 4631; bugfix on 0.2.0.5-alpha. + + o Minor bugfixes (git scripts): + - Stop executing the checked-out pre-commit hook from the pre-push + hook. Instead, execute the copy in the user's git directory. Fixes + bug 33284; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (initialization): + - Initialize the subsystems in our code in an order more closely + corresponding to their dependencies, so that every system is + initialized before the ones that (theoretically) depend on it. + Fixes bug 33316; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (IPv4, relay): + - Check for invalid zero IPv4 addresses and ports when sending and + receiving extend cells. Fixes bug 33900; bugfix on 0.2.4.8-alpha. + + o Minor bugfixes (IPv6, relay): + - Consider IPv6 addresses when checking if a connection is + canonical. In 17604, relays assumed that a remote relay could + consider an IPv6 connection canonical, but did not set the + canonical flag on their side of the connection. Fixes bug 33899; + bugfix on 0.3.1.1-alpha. + - Log IPv6 addresses on connections where this relay is the + responder. Previously, responding relays would replace the remote + IPv6 address with the IPv4 address from the consensus. Fixes bug + 33899; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox): + - Fix a regression on sandboxing rules for the openat() syscall. The + fix for bug 25440 fixed the problem on systems with glibc >= 2.27 + but broke with versions of glibc. We now choose a rule based on + the glibc version. Patch from Daniel Pinto. Fixes bug 27315; + bugfix on 0.3.5.11. + - Makes the seccomp sandbox allow the correct syscall for opendir + according to the running glibc version. This fixes crashes when + reloading torrc with sandbox enabled when running on glibc 2.15 to + 2.21 and 2.26. Patch from Daniel Pinto. Fixes bug 40020; bugfix + on 0.3.5.11. + + o Minor bugfixes (logging, testing): + - Make all of tor's assertion macros support the ALL_BUGS_ARE_FATAL + and DISABLE_ASSERTS_IN_UNIT_TESTS debugging modes. (IF_BUG_ONCE() + used to log a non-fatal warning, regardless of the debugging + mode.) Fixes bug 33917; bugfix on 0.2.9.1-alpha. + - Remove surprising empty line in the INFO-level log about circuit + build timeout. Fixes bug 33531; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (mainloop): + - Better guard against growing a buffer past its maximum 2GB in + size. Fixes bug 33131; bugfix on 0.3.0.4-rc. + + o Minor bugfixes (onion service v3 client): + - Remove a BUG() warning that could occur naturally. Fixes bug + 34087; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion service, logging): + - Fix a typo in a log message PublishHidServDescriptors is set to 0. + Fixes bug 33779; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion services v3): + - Avoid a non-fatal assertion failure in certain edge-cases when + opening an intro circuit as a client. Fixes bug 34084; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (protocol versions): + - Sort tor's supported protocol version lists, as recommended by the + tor directory specification. Fixes bug 33285; bugfix + on 0.4.0.1-alpha. + + o Minor bugfixes (rate limiting, bridges, pluggable transports): + - On a bridge, treat all connections from an ExtORPort as remote by + default for the purposes of rate-limiting. Previously, bridges + would treat the connection as local unless they explicitly + received a "USERADDR" command. ExtORPort connections still count + as local if there is a USERADDR command with an explicit local + address. Fixes bug 33747; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (refactoring): + - Lift circuit_build_times_disabled() out of the + circuit_expire_building() loop, to save CPU time when there are + many circuits open. Fixes bug 33977; bugfix on 0.3.5.9. + + o Minor bugfixes (relay, self-testing): + - When starting up as a relay, if we haven't been able to verify + that we're reachable, only launch reachability tests at most once + a minute. Previously, we had been launching tests up to once a + second, which was needlessly noisy. Fixes bug 40083; bugfix + on 0.2.8.1-alpha. + + o Minor bugfixes (relay, usability): + - Adjust the rules for when to warn about having too many + connections to other relays. Previously we'd tolerate up to 1.5 + connections per relay on average. Now we tolerate more connections + for directory authorities, and raise the number of total + connections we need to see before we warn. Fixes bug 33880; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (SOCKS, onion service client): + - Detect v3 onion service addresses of the wrong length when + returning the F6 ExtendedErrors code. Fixes bug 33873; bugfix + on 0.4.3.1-alpha. + + o Minor bugfixes (tests): + - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run + on its own. Previously, it would exit with an error. Fixes bug + 40099; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (v3 onion services): + - Remove a BUG() warning that could trigger in certain unlikely + edge-cases. Fixes bug 34086; bugfix on 0.3.2.1-alpha. + - Remove a BUG() that was causing a stacktrace when a descriptor + changed at an unexpected time. Fixes bug 28992; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (windows): + - Fix a bug that prevented Tor from starting if its log file grew + above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha. + + o Code simplification and refactoring: + - Define and use a new constant TOR_ADDRPORT_BUF_LEN which is like + TOR_ADDR_BUF_LEN but includes enough space for an IP address, + brackets, separating colon, and port number. Closes ticket 33956. + Patch by Neel Chauhan. + - Merge the orconn and ocirc events into the "core" subsystem, which + manages or connections and origin circuits. Previously they were + isolated in subsystems of their own. + - Move LOG_PROTOCOL_WARN to app/config. Resolves a dependency + inversion. Closes ticket 33633. + - Move the circuit extend code to the relay module. Split the + circuit extend function into smaller functions. Closes + ticket 33633. + - Rewrite port_parse_config() to use the default port flags from + port_cfg_new(). Closes ticket 32994. Patch by MrSquanchee. + - Updated comments in 'scheduler.c' to reflect old code changes, and + simplified the scheduler channel state change code. Closes + ticket 33349. + - Refactor configuration parsing to use the new config subsystem + code. Closes ticket 33014. + - Move a series of functions related to address resolving into their + own files. Closes ticket 33789. + + o Documentation: + - Replace most http:// URLs in our code and documentation with + https:// URLs. (We have left unchanged the code in src/ext/, and + the text in LICENSE.) Closes ticket 31812. Patch from Jeremy Rand. + - Document the limitations of using %include on config files with + seccomp sandbox enabled. Fixes documentation bug 34133; bugfix on + 0.3.1.1-alpha. Patch by Daniel Pinto. + + o Removed features: + - Our "check-local" test target no longer tries to use the + Coccinelle semantic patching tool parse all the C files. While it + is a good idea to try to make sure Coccinelle works on our C + before we run a Coccinelle patch, doing so on every test run has + proven to be disruptive. You can still run this tool manually with + "make check-cocci". Closes ticket 40030. + - Remove the ClientAutoIPv6ORPort option. This option attempted to + randomly choose between IPv4 and IPv6 for client connections, and + wasn't a true implementation of Happy Eyeballs. Often, this option + failed on IPv4-only or IPv6-only connections. Closes ticket 32905. + Patch by Neel Chauhan. + - Stop shipping contrib/dist/rc.subr file, as it is not being used + on FreeBSD anymore. Closes issue 31576. + + o Testing: + - Add a basic IPv6 test to "make test-network". This test only runs + when the local machine has an IPv6 stack. Closes ticket 33300. + - Add test-network-ipv4 and test-network-ipv6 jobs to the Makefile. + These jobs run the IPv4-only and dual-stack chutney flavours from + test-network-all. Closes ticket 33280. + - Remove a redundant distcheck job. Closes ticket 33194. + - Run the test-network-ipv6 Makefile target in the Travis CI IPv6 + chutney job. This job runs on macOS, so it's a bit slow. Closes + ticket 33303. + - Sort the Travis jobs in order of speed. Putting the slowest jobs + first takes full advantage of Travis job concurrency. Closes + ticket 33194. + - Stop allowing the Chutney IPv6 Travis job to fail. This job was + previously configured to fast_finish (which requires + allow_failure), to speed up the build. Closes ticket 33195. + - Test v3 onion services to tor's mixed IPv4 chutney network. And + add a mixed IPv6 chutney network. These networks are used in the + test-network-all, test-network-ipv4, and test-network-ipv6 make + targets. Closes ticket 33334. + - Use the "bridges+hs-v23" chutney network flavour in "make test- + network". This test requires a recent version of chutney (mid- + February 2020). Closes ticket 28208. + - When a Travis chutney job fails, use chutney's new "diagnostics.sh" + tool to produce detailed diagnostic output. Closes ticket 32792. + + o Deprecated features (onion service v2): + - Add a deprecation warning for version 2 onion services. Closes + ticket 40003. + + o Documentation (manual page): + - Add cross reference links and a table of contents to the HTML tor + manual page. Closes ticket 33369. Work by Swati Thacker as part of + Google Season of Docs. + - Alphabetize the Denial of Service Mitigation Options, Directory + Authority Server Options, Hidden Service Options, and Testing + Network Options sections of the tor(1) manual page. Closes ticket + 33275. Work by Swati Thacker as part of Google Season of Docs. + - Refrain from mentioning nicknames in manpage section for MyFamily + torrc option. Resolves issue 33417. + - Updated the options set by TestingTorNetwork in the manual page. + Closes ticket 33778. + Changes in version 0.4.3.5 - 2020-05-15 Tor 0.4.3.5 is the first stable release in the 0.4.3.x series. This diff --git a/changes/40241 b/changes/40241 deleted file mode 100644 index c9b2e2c011..0000000000 --- a/changes/40241 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a compilation warning about unreachable fallthrough annotations - when building with "--enable-all-bugs-are-fatal" on some compilers. - Fixes bug 40241; bugfix on 0.3.5.4-alpha. diff --git a/changes/bug16016 b/changes/bug16016 deleted file mode 100644 index 313ef672e9..0000000000 --- a/changes/bug16016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging): - - Downgrade a noisy log message that could occur naturally when - receiving an extrainfo document that we no longer want. - Fixes bug 16016; bugfix on 0.2.6.3-alpha. diff --git a/changes/bug27315 b/changes/bug27315 deleted file mode 100644 index 8af3ac8559..0000000000 --- a/changes/bug27315 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox): - - Fix a regression on sandboxing rules for the openat() syscall. - The fix for bug 25440 fixed the problem on systems with glibc >= - 2.27 but broke tor on previous versions of glibc. We now apply - the correct seccomp rule according to the running glibc version. - Patch from Daniel Pinto. Fixes bug 27315; bugfix on 0.3.5.11. diff --git a/changes/bug31036 b/changes/bug31036 deleted file mode 100644 index d9921dba43..0000000000 --- a/changes/bug31036 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (windows): - - Fix a bug that prevented Tor from starting if its log file - grew above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha. diff --git a/changes/bug32588 b/changes/bug32588 deleted file mode 100644 index f31f2ce1ad..0000000000 --- a/changes/bug32588 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relays): - - Stop advertising incorrect IPv6 ORPorts in relay and bridge descriptors, - when the IPv6 port was configured as "auto". - Fixes bug 32588; bugfix on 0.2.3.9-alpha diff --git a/changes/bug32709 b/changes/bug32709 deleted file mode 100644 index d00b112be6..0000000000 --- a/changes/bug32709 +++ /dev/null @@ -1,4 +0,0 @@ - o Major features (v3 onion services): - - Allow v3 onion services to act as OnionBalance backend instances using - the HiddenServiceOnionBalanceInstance torrc option. Closes ticket 32709. - diff --git a/changes/bug33119 b/changes/bug33119 deleted file mode 100644 index c976654b26..0000000000 --- a/changes/bug33119 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (NSS): - - Fix out-of-bound memory access in `tor_tls_cert_matches_key()` when Tor is - compiled with NSS support. Fixes bug 33119; bugfix on 0.3.5.1-alpha. This - issue is also tracked as TROVE-2020-001. diff --git a/changes/bug33131 b/changes/bug33131 deleted file mode 100644 index bc5ef7bc2d..0000000000 --- a/changes/bug33131 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (mainloop): - - Better guard against growing a buffer past its maximum 2GB in size. - Fixes bug 33131; bugfix on 0.3.0.4-rc. diff --git a/changes/bug33284 b/changes/bug33284 deleted file mode 100644 index e6aed4d2d4..0000000000 --- a/changes/bug33284 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (git scripts): - - Stop executing the checked-out pre-commit hook from the pre-push hook. - Instead, execute the copy in the user's git dir. Fixes bug 33284; bugfix - on 0.4.1.1-alpha. diff --git a/changes/bug33285 b/changes/bug33285 deleted file mode 100644 index a4d06a7eb8..0000000000 --- a/changes/bug33285 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (protocol versions): - - Sort tor's supported protocol version lists, as recommended by the - tor directory specification. Fixes bug 33285; bugfix on 0.4.0.1-alpha. diff --git a/changes/bug33531 b/changes/bug33531 deleted file mode 100644 index c4284c55c9..0000000000 --- a/changes/bug33531 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logs): - - Remove surprising empty line in info-level log about circuit build - timeout. Fixes bug 33531; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug33781 b/changes/bug33781 deleted file mode 100644 index 9f63ab0a2c..0000000000 --- a/changes/bug33781 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (compatibility): - - Strip '\r' characters when reading text files on Unix platforms. - This should resolve an issue where a relay operator migrates a relay from - Windows to Unix, but does not change the line ending of Tor's various state - files to match the platform, the CRLF line endings from Windows ends up leaking - into other files such as the extra-info document. Fixes bug 33781; bugfix on - 0.0.9pre5. diff --git a/changes/bug33899 b/changes/bug33899 deleted file mode 100644 index b9b7d7cf13..0000000000 --- a/changes/bug33899 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (IPv6, relay): - - Consider IPv6 addresses when checking if a connection is canonical. - In 17604, relays assumed that a remote relay could consider an IPv6 - connection canonical, but did not set the canonical flag on their side - of the connection. Fixes bug 33899; bugfix on 0.3.1.1-alpha. - - Log IPv6 addresses on connections where this relay is the responder. - Previously, responding relays would replace the remote IPv6 address with - the IPv4 address from the consensus. - Fixes bug 33899; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug33900 b/changes/bug33900 deleted file mode 100644 index c1649d2284..0000000000 --- a/changes/bug33900 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (IPv4, relay): - - Check for invalid zero IPv4 addresses and ports, when sending and - receiving extend cells. Fixes bug 33900; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug33917 b/changes/bug33917 deleted file mode 100644 index 6a8daa9e26..0000000000 --- a/changes/bug33917 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging, testing): - - Make all of tor's assertion macros support the ALL_BUGS_ARE_FATAL and - DISABLE_ASSERTS_IN_UNIT_TESTS debugging modes. Implements these modes - for IF_BUG_ONCE(). (It used to log a non-fatal warning, regardless of - the debugging mode.) Fixes bug 33917; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug33977 b/changes/bug33977 deleted file mode 100644 index b424a811a2..0000000000 --- a/changes/bug33977 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (refactoring): - - Lift circuit_build_times_disabled out of circuit_expire_building loop to - save CPU time with many circuits open. Fixes bug 33977; bugfix on - 0.3.5.9. diff --git a/changes/bug34084 b/changes/bug34084 deleted file mode 100644 index 524c4cf68e..0000000000 --- a/changes/bug34084 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion services v3): - - Avoid a non-fatal assert log in an edge-case of opening an intro circuit - as a client. Fixes bug 34084; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug34086 b/changes/bug34086 deleted file mode 100644 index 245992f8f4..0000000000 --- a/changes/bug34086 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion service v3): - - Remove a BUG() warning that could trigger in certain unlikely edge-cases. - Fixes bug 34086; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug34130 b/changes/bug34130 deleted file mode 100644 index b1e5715fdf..0000000000 --- a/changes/bug34130 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (linux seccomp sandbox nss): - - Fix startup crash when tor is compiled with --enable-nss and - sandbox support is enabled. Fixes bug 34130; bugfix on - 0.3.5.1-alpha. Patch by Daniel Pinto. diff --git a/changes/bug34233 b/changes/bug34233 deleted file mode 100644 index 24c7869783..0000000000 --- a/changes/bug34233 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (portability): - - Fix a portability error in the configure script, where we - were using "==" instead of "=". Fixes bug 34233; bugfix on - 0.4.3.5. diff --git a/changes/bug34299 b/changes/bug34299 deleted file mode 100644 index 464cf0d18a..0000000000 --- a/changes/bug34299 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (man page): - - Update the man page to reflect that MinUptimeHidServDirectoryV2 - defaults to 96 hours. Fixes bug 34299; bugfix on 0.2.6.3-alpha. diff --git a/changes/bug34303 b/changes/bug34303 deleted file mode 100644 index dce57f4646..0000000000 --- a/changes/bug34303 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (client performance): - - Resume being willing to use preemptively-built circuits when - UseEntryGuards is set to 0. We accidentally disabled this feature - with that config setting, leading to slower load times. Fixes bug - 34303; bugfix on 0.3.3.2-alpha. diff --git a/changes/bug34400 b/changes/bug34400 deleted file mode 100644 index e2b56688b9..0000000000 --- a/changes/bug34400 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (v2 onion services): - - For HSFETCH commands on v2 onion services addresses, check the length of - bytes decoded, not the base32 length. This takes the behavior introduced - in commit a517daa56f5848d25ba79617a1a7b82ed2b0a7c0 into consideration. - Fixes bug 34400; bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan. diff --git a/changes/bug40001 b/changes/bug40001 deleted file mode 100644 index 0e3f454619..0000000000 --- a/changes/bug40001 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (entry guards): - - Reinstate support for GUARD NEW/UP/DOWN control port events. - Closes ticket 40001.
\ No newline at end of file diff --git a/changes/bug40020 b/changes/bug40020 deleted file mode 100644 index ca6ee2b85b..0000000000 --- a/changes/bug40020 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox): - - Makes the seccomp sandbox allow the correct syscall for opendir - according to the running glibc version. The opendir function - either uses open or openat but the current code does not - differenciate between opendir and open calls. This adds a new - seccomp sandbox rule for opendir. This fixes crashes when - reloading torrc with sandbox enabled when running on glibc - 2.15 to 2.21 and 2.26. Patch from Daniel Pinto. Fixes bug 40020; - bugfix on 0.3.5.11. diff --git a/changes/bug40028 b/changes/bug40028 deleted file mode 100644 index cfd1ffe516..0000000000 --- a/changes/bug40028 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compiler warnings): - - Fix a compiler warning on platforms with 32-bit time_t values. - Fixes bug 40028; bugfix on 0.3.2.8-rc. diff --git a/changes/bug40072 b/changes/bug40072 deleted file mode 100644 index 2b82f3f18b..0000000000 --- a/changes/bug40072 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox): - - Fix startup crash with seccomp sandbox enabled when tor tries to - open the data directory. Patch from Daniel Pinto. Fixes bug 40072; - bugfix on 0.4.4.3-alpha-dev. diff --git a/changes/bug40076 b/changes/bug40076 deleted file mode 100644 index 9ef5969ae8..0000000000 --- a/changes/bug40076 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (correctness, buffers): - - Fix a correctness bug that could cause an assertion failure if we ever - tried using the buf_move_all() function with an empty input. - As far as we know, no released versions of Tor do this. - Fixes bug 40076; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug40080 b/changes/bug40080 deleted file mode 100644 index 8162466354..0000000000 --- a/changes/bug40080 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (security): - - When completing a channel, relays now check more thoroughly to make - sure that it matches any pending circuits before attaching those - circuits. Previously, address correctness and Ed25519 identities were not - checked in this case, but only when extending circuits on an existing - channel. Fixes bug 40080; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug40083 b/changes/bug40083 deleted file mode 100644 index db26017664..0000000000 --- a/changes/bug40083 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (relay, self-testing): - - When starting up as a relay, if we haven't been able to verify that - we're reachable, only launch reachability tests at most once a minute. - Previously, we had been launching tests up to once a second, which - was needlessly noisy. Fixes bug 40083; bugfix on 0.2.8.1-alpha. diff --git a/changes/bug40095 b/changes/bug40095 deleted file mode 100644 index 5c4b3a2b7e..0000000000 --- a/changes/bug40095 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - When running the subsystem order check, use the python binary - configured with the PYTHON environment variable. Fixes bug 40095; - bugfix on 0.4.4.1-alpha. diff --git a/changes/bug40099 b/changes/bug40099 deleted file mode 100644 index 278ede2023..0000000000 --- a/changes/bug40099 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (tests): - - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run on - its own. Previously, it would exit with an error. - Fixes bug 40099; bugfix on 0.2.8.1-alpha. diff --git a/changes/bug40105 b/changes/bug40105 deleted file mode 100644 index 330b6a9744..0000000000 --- a/changes/bug40105 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (guard selection algorithm): - - Avoid needless guard-related warning when upgrading from 0.4.3 to 0.4.4. - Fixes bug 40105; bugfix on 0.4.4.1-alpha.
\ No newline at end of file diff --git a/changes/bug40113 b/changes/bug40113 deleted file mode 100644 index adf4634097..0000000000 --- a/changes/bug40113 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Resolve a compilation warning that could occur in test_connection.c. - Fixes bug 40113; bugfix on 0.2.9.3-alpha. diff --git a/changes/bug40117 b/changes/bug40117 deleted file mode 100644 index 77646edf9c..0000000000 --- a/changes/bug40117 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (stats, onion services): - - Fix a bug where we were undercounting the Tor network's total onion - service traffic, by only counting rendezvous traffic originating from - services and ignoring any traffic originating from clients. Fixes bug - 40117; bugfix on 0.2.6.2-alpha. diff --git a/changes/bug40129 b/changes/bug40129 deleted file mode 100644 index 80de5ef355..0000000000 --- a/changes/bug40129 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Fix compiler warnings that would occur when building with - "--enable-all-bugs-are-fatal" and "--disable-module-relay" - at the same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha. diff --git a/changes/bug40179_part1 b/changes/bug40179_part1 deleted file mode 100644 index c302373534..0000000000 --- a/changes/bug40179_part1 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing, portability): - - Fix our Python reference-implementation for the v3 onion service - handshake so that it works correctly with the version of hashlib provided - by Python 3.9. Fixes part of bug 40179; bugfix on 0.3.1.6-rc. diff --git a/changes/bug40179_part2 b/changes/bug40179_part2 deleted file mode 100644 index 15dc861321..0000000000 --- a/changes/bug40179_part2 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Fix the config/parse_tcp_proxy_line test so that it works correctly on - systems where the DNS provider hijacks invalid queries. - Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. diff --git a/changes/bug40190 b/changes/bug40190 deleted file mode 100644 index 0f3d6941dc..0000000000 --- a/changes/bug40190 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (SOCKS5): - - Handle partial socks5 messages correctly. Previously, our code would - send an incorrect error message if it got a socks5 request that wasn't - complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug40210 b/changes/bug40210 deleted file mode 100644 index f492262a11..0000000000 --- a/changes/bug40210 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (crypto): - - Fix undefined behavior on our Keccak library. The bug only appears on - platforms with 32-byte CPU cache lines (e.g. armv5tel) and would result - in wrong digests. Fixes bug 40210; bugfix on 0.2.8.1-alpha. Thanks to - Bernhard Ãœbelacker, Arnd Bergmann and weasel for diagnosing this. diff --git a/changes/bug40316 b/changes/bug40316 deleted file mode 100644 index cd275b5c9c..0000000000 --- a/changes/bug40316 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, denial of service): - - Fix a bug in appending detached signatures to a pending consensus - document that could be used to crash a directory authority. - Fixes bug 40316; bugfix on 0.2.2.6-alpha. Tracked as - TROVE-2021-002 and CVE-2021-28090. diff --git a/changes/bug40380 b/changes/bug40380 deleted file mode 100644 index 24d2876b7d..0000000000 --- a/changes/bug40380 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compiler warnings): - - Fix an indentation problem that led to a warning from GCC 11.1.1. - Fixes bug 40380; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug40391 b/changes/bug40391 deleted file mode 100644 index e3c186275f..0000000000 --- a/changes/bug40391 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (security): - - Resist a hashtable-based CPU denial-of-service attack against - relays. Previously we used a naive unkeyed hash function to look up - circuits in a circuitmux object. An attacker could exploit this to - construct circuits with chosen circuit IDs in order to try to create - collisions and make the hash table inefficient. Now we use a SipHash - construction for this hash table instead. Fixes bug 40391; bugfix on - 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005. - Reported by Jann Horn from Google's Project Zero. diff --git a/changes/bug40392 b/changes/bug40392 deleted file mode 100644 index 4dffa50bb2..0000000000 --- a/changes/bug40392 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (security, denial of service, onion services): - - Fix an out-of-bounds memory access in v3 descriptor parsing. Fixes bug - 40392; bugfix on 0.3.0.1-alpha. This issue is also tracked as - TROVE-2021-006. Reported by Sergei Glazunov from Google's Project Zero.
\ No newline at end of file diff --git a/changes/bug40399 b/changes/bug40399 deleted file mode 100644 index 7954b85eaf..0000000000 --- a/changes/bug40399 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (compatibility): - - Remove an assertion function related to TLS renegotiation. - It was used nowhere outside the unit tests, and it was breaking - compilation with recent alpha releases of OpenSSL 3.0.0. - Closes ticket 40399. diff --git a/changes/bug4631 b/changes/bug4631 deleted file mode 100644 index be3dd2b43e..0000000000 --- a/changes/bug4631 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (directory authorities): - - Directory authorities reject votes that arrive too late. In particular, - once an authority has started fetching missing votes, it no longer - accepts new votes posted by other authorities. This change helps prevent - a consensus split, where only some authorities have the late vote. - Fixes bug 4631; bugfix on 0.2.0.5-alpha. diff --git a/changes/doc33417 b/changes/doc33417 deleted file mode 100644 index 0fc868fc65..0000000000 --- a/changes/doc33417 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation (manpage): - - Refrain from mentioning nicknames in manpage section for MyFamily torrc - option. Resolves issue 33417. diff --git a/changes/doc34133 b/changes/doc34133 deleted file mode 100644 index abe9db6148..0000000000 --- a/changes/doc34133 +++ /dev/null @@ -1,6 +0,0 @@ - o Documentation: - - Correctly document that we search for a system torrc file before - Document the limitations of using %include on config files with - seccomp sandbox enabled. No new files can be added to the - %included directories. Fixes documentation bug 34133; bugfix - on 0.3.1.1-alpha. Patch by Daniel Pinto. diff --git a/changes/geoip-2021-03-12 b/changes/geoip-2021-03-12 deleted file mode 100644 index 01c1b0f162..0000000000 --- a/changes/geoip-2021-03-12 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features (geoip data): - - We have switched geoip data sources. Previously we shipped - IP-to-country mappings from Maxmind's GeoLite2, but in 2019 they - changed their licensing term, so we were unable to update them after - that point. We now ship geoip files based on the IPFire Location - Database instead. (See https://location.ipfire.org/ for more - information). This release updates our geoip files to match the - IPFire Location Database as retrieved on 2021/03/12. Closes - ticket 40224. diff --git a/changes/geoip-2021-04-13 b/changes/geoip-2021-04-13 deleted file mode 100644 index db21a1c037..0000000000 --- a/changes/geoip-2021-04-13 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2021/04/13. diff --git a/changes/geoip-2021-05-07 b/changes/geoip-2021-05-07 deleted file mode 100644 index 07bf12c4d8..0000000000 --- a/changes/geoip-2021-05-07 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2021/05/07. diff --git a/changes/geoip-2021-06-10 b/changes/geoip-2021-06-10 deleted file mode 100644 index 2b798012c8..0000000000 --- a/changes/geoip-2021-06-10 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2021/06/10. diff --git a/changes/parallel_unit_test b/changes/parallel_unit_test deleted file mode 100644 index 79de28636d..0000000000 --- a/changes/parallel_unit_test +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (tests): - - Our "make check" target now runs the unit tests in 8 parallel chunks. - Doing this speeds up hardened CI builds by more than a factor of two. - Closes ticket 40098. diff --git a/changes/ticket24308 b/changes/ticket24308 deleted file mode 100644 index e614785265..0000000000 --- a/changes/ticket24308 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (denial-of-service memory limiter): - - Allow the user to configure even lower values for the MaxMemInQueues - parameter. Relays now enforce a minimum of 64 MB, when previously - the minimum was 256 MB. On clients, there is no minimum. Relays and - clients will both warn if the value is set so low that Tor is likely - to stop working. Closes ticket 24308. diff --git a/changes/ticket24844 b/changes/ticket24844 deleted file mode 100644 index da55b4cf67..0000000000 --- a/changes/ticket24844 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (v3 onion servies): - - Add v3 onion service status to the dumpstats() call which is - triggered by a SIGUSR1 signal. Previously, we only did v2 - onion services. Closes ticket 24844. Patch by Neel Chauhan. diff --git a/changes/ticket2667 b/changes/ticket2667 deleted file mode 100644 index cc42286ef9..0000000000 --- a/changes/ticket2667 +++ /dev/null @@ -1,4 +0,0 @@ - o Major feature (exit): - - Re-entry into the network is now denied at the Exit level to all relays' - ORPort and authorities' ORPort+DirPort. This is to help mitigate a series - of attacks. See ticket for more information. Closes ticket 2667. diff --git a/changes/ticket28208 b/changes/ticket28208 deleted file mode 100644 index 8818aad1d5..0000000000 --- a/changes/ticket28208 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing: - - Use the "bridges+hs-v23" chutney network flavor in "make test-network". - This test requires a recent version of chutney (mid-February 2020). - Closes ticket 28208. diff --git a/changes/ticket28992 b/changes/ticket28992 deleted file mode 100644 index 3e45d73e45..0000000000 --- a/changes/ticket28992 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion service v3, client): - - Remove a BUG() that is causing a stacktrace for a situation that very - rarely happens but still can. Fixes bug 28992; bugfix on 0.3.2.1-alpha. diff --git a/changes/ticket31576 b/changes/ticket31576 deleted file mode 100644 index ab984cf3d4..0000000000 --- a/changes/ticket31576 +++ /dev/null @@ -1,3 +0,0 @@ - o Removed features: - - Stop shipping contrib/dist/rc.subr file, as it is not being used on - FreeBSD anymore. Closes issue 31576. diff --git a/changes/ticket31634 b/changes/ticket31634 deleted file mode 100644 index 2777595036..0000000000 --- a/changes/ticket31634 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (testing, architeture): - - Our test scripts now double-check that subsystem initialization order - is consistent with the inter-module dependencies established by our - .may_include files. Implements ticket 31634. diff --git a/changes/ticket31812 b/changes/ticket31812 deleted file mode 100644 index 869e494892..0000000000 --- a/changes/ticket31812 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Replace most http:// URLs in our code and documentation with https:// - URLs. (We have left unchanged the code in src/ext/, and the text in - LICENSE.) Closes ticket 31812. Patch from Jeremy Rand. diff --git a/changes/ticket32088 b/changes/ticket32088 deleted file mode 100644 index 0d4fc74754..0000000000 --- a/changes/ticket32088 +++ /dev/null @@ -1,13 +0,0 @@ - o Major features (Proposal 310, performance + security): - - Implements Proposal 310 - Bandaid on guard selection. - Proposal 310 solves a load-balancing issue within Prop271 which strongly - impact experimental research with Shadow. - Security improvement: Proposal 310 prevents any newly Guard relay to - have a chance to get into the primary list of older Tor clients, - except if the N first sampled guards of these clients are unreachable. - Implements recommendation from 32088. - - Proposal 310 is linked to the CLAPS project researching optimal - client location-aware path selections. This project is a collaboration - between the UCLouvain Crypto Group, the U.S. Naval Research Laboratory and - Princeton University. diff --git a/changes/ticket32143 b/changes/ticket32143 deleted file mode 100644 index 7f8a809ba5..0000000000 --- a/changes/ticket32143 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (continuous integration): - - Run unit-test and integration test (Stem, Chutney) jobs with - ALL_BUGS_ARE_FATAL macro being enabled on Travis and Appveyor. - Resolves ticket 32143. diff --git a/changes/ticket32542 b/changes/ticket32542 deleted file mode 100644 index c52335b059..0000000000 --- a/changes/ticket32542 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (onion service client, SOCKS5): - - Add 3 new SocksPort ExtendedErrors (F2, F3, F7) that reports back new type - of onion service connection failures. Closes ticket 32542. diff --git a/changes/ticket32622 b/changes/ticket32622 deleted file mode 100644 index 1c663567fd..0000000000 --- a/changes/ticket32622 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (bootstrap reporting): - - Report more detailed reasons for bootstrap failure when the failure - happens due to a TLS error. Previously we would just call these errors - "MISC" when they happened during read, and "DONE" when they - happened during any other TLS operation. Closes ticket 32622. diff --git a/changes/ticket32696 b/changes/ticket32696 deleted file mode 100644 index 8f56fc394e..0000000000 --- a/changes/ticket32696 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (directory authority): - - Authorities now recommend protocol versions that are supported - by Tor 0.3.5 and later. (Earlier versions of Tor have been - deprecated since January of this year.) This recommendation - will cause older clients and relays to give a warning on startup, - or when they download a consensus directory. - Closes ticket 32696. diff --git a/changes/ticket32720 b/changes/ticket32720 deleted file mode 100644 index 87c540b7ff..0000000000 --- a/changes/ticket32720 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (directory): - - Remember the number of bytes we have downloaded for each directory - purpose while bootstrapping, and while fully bootstrapped. Log this - information as part of the heartbeat message. Closes ticket 32720. diff --git a/changes/ticket32792 b/changes/ticket32792 deleted file mode 100644 index 553cf0ca81..0000000000 --- a/changes/ticket32792 +++ /dev/null @@ -1,3 +0,0 @@ - o Testing: - - When a Travis chutney job fails, use chutney's new "diagnostics.sh" tool - to produce detailed diagnostic output. Closes ticket 32792. diff --git a/changes/ticket32873 b/changes/ticket32873 deleted file mode 100644 index 65ea1f64ad..0000000000 --- a/changes/ticket32873 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (control port): - - Return a descriptive error message from the 'GETINFO - status/fresh-relay-descs' command on the control port. - Previously, we returned a generic error of "Error - generating descriptor". Closes ticket 32873. Patch by - Neel Chauhan. diff --git a/changes/ticket32888 b/changes/ticket32888 deleted file mode 100644 index ce7fb40b30..0000000000 --- a/changes/ticket32888 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (logging): - - When trying to find our own address, add debug-level logging - to report the sources of candidate addresses. Closes ticket - 32888. diff --git a/changes/ticket32905 b/changes/ticket32905 deleted file mode 100644 index 6f420ec693..0000000000 --- a/changes/ticket32905 +++ /dev/null @@ -1,6 +0,0 @@ - o Removed features: - - Remove the ClientAutoIPv6ORPort option. This option attempted - to randomly choose between IPv4 and IPv6 for client connections, - and isn't a true implementation of Happy Eyeballs. Often, this - option failed on IPv4-only or IPv6-only connections. Closes - ticket 32905. Patch by Neel Chauhan. diff --git a/changes/ticket32994 b/changes/ticket32994 deleted file mode 100644 index 43a32afa78..0000000000 --- a/changes/ticket32994 +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring: - - Rewrite port_parse_config() to use the default port flags from - port_cfg_new(). Closes ticket 32994. Patch by MrSquanchee. diff --git a/changes/ticket33014 b/changes/ticket33014 deleted file mode 100644 index 885051d9cf..0000000000 --- a/changes/ticket33014 +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring (onion service): - - Refactor configuration parsing to use the new config subsystem code. - Closes ticket 33014. diff --git a/changes/ticket33192 b/changes/ticket33192 deleted file mode 100644 index 97f976226b..0000000000 --- a/changes/ticket33192 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor feature (python): - - Stop assuming that /usr/bin/python exists. Instead of using a - hardcoded path in scripts that still use Python 2, use /usr/bin/env, - similarly to the scripts that use Python 3. Fixes bug 33192; bugfix - on 0.4.2.
\ No newline at end of file diff --git a/changes/ticket33194 b/changes/ticket33194 deleted file mode 100644 index b87e55348e..0000000000 --- a/changes/ticket33194 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing: - - Remove a redundant distcheck job. Closes ticket 33194. - - Sort the Travis jobs in order of speed. Putting the slowest jobs first - takes full advantage of Travis job concurrency. Closes ticket 33194. diff --git a/changes/ticket33195 b/changes/ticket33195 deleted file mode 100644 index 11abd4816e..0000000000 --- a/changes/ticket33195 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing: - - Stop allowing the Chutney IPv6 Travis job to fail. This job was - previously configured to fast_finish (which requires allow_failure), to - speed up the build. Closes ticket 33195. diff --git a/changes/ticket33275 b/changes/ticket33275 deleted file mode 100644 index bff3a7a3ad..0000000000 --- a/changes/ticket33275 +++ /dev/null @@ -1,5 +0,0 @@ - o Documentation (manpage): - - Alphabetize the Denial of Service Mitigation Options, Directory - Authority Server Options, Hidden Service Options, and Testing - Network Options sections of the tor(1) manpage. Closes ticket - 33275. Work by Swati Thacker as part of Google Season of Docs. diff --git a/changes/ticket33280 b/changes/ticket33280 deleted file mode 100644 index b90c3086ea..0000000000 --- a/changes/ticket33280 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing: - - Add test-network-ipv4 and test-network-ipv6 jobs to the Makefile. - These jobs run the IPv4-only and dual-stack chutney flavours from - test-network-all. Closes ticket 33280. diff --git a/changes/ticket33300 b/changes/ticket33300 deleted file mode 100644 index 9b0bdce372..0000000000 --- a/changes/ticket33300 +++ /dev/null @@ -1,3 +0,0 @@ - o Testing: - - Add a basic IPv6 test to "make test-network". This test only runs when - the local machine has an IPv6 stack. Closes ticket 33300. diff --git a/changes/ticket33303 b/changes/ticket33303 deleted file mode 100644 index b7ac7b5067..0000000000 --- a/changes/ticket33303 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing: - - Run the test-network-ipv6 Makefile target in the Travis CI IPv6 chutney - job. This job runs on macOS, so it's a bit slow. - Closes ticket 33303. diff --git a/changes/ticket33316 b/changes/ticket33316 deleted file mode 100644 index 25b0444078..0000000000 --- a/changes/ticket33316 +++ /dev/null @@ -1,15 +0,0 @@ - o Minor bugfixes (initialization): - - Initialize the subsystems in our code in an order more closely - corresponding to their dependencies, so that every system is - initialized before the ones that (theoretically) depend on it. - Fixes bug 33316; bugfix on 0.4.0.1-alpha. - - o Minor features (tests): - - Initialize all subsystems at the beginning of our unit test harness, - to avoid crashes due to uninitialized subsystems. - Follow-up from ticket 33316. - - o Code simplification and refactoring: - - Merge the orconn and ocirc events into the "core" subsystem, which - manages or connections and origin circuits. Previously they - were isolated in subsystems of their own. diff --git a/changes/ticket33334 b/changes/ticket33334 deleted file mode 100644 index ada3cb284c..0000000000 --- a/changes/ticket33334 +++ /dev/null @@ -1,5 +0,0 @@ - o Testing: - - Test v3 onion services to tor's mixed IPv4 chutney network. And add a - mixed IPv6 chutney network. These networks are used in the - test-network-all, test-network-ipv4, and test-network-ipv6 make targets. - Closes ticket 33334. diff --git a/changes/ticket33339 b/changes/ticket33339 deleted file mode 100644 index 75ccb3546f..0000000000 --- a/changes/ticket33339 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (developer tools): - - Add a script to help check the alphabetical ordering of option - names in a manpage. Closes ticket 33339. diff --git a/changes/ticket33346 b/changes/ticket33346 deleted file mode 100644 index acbbae5169..0000000000 --- a/changes/ticket33346 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (linux seccomp2 sandbox): - - Permit the unlinkat() syscall, which some Libc implementations - use to implement unlink(). Closes ticket 33346. diff --git a/changes/ticket33349 b/changes/ticket33349 deleted file mode 100644 index 0458a72c8d..0000000000 --- a/changes/ticket33349 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - Updated comments in 'scheduler.c' to reflect old code changes, - and simplified the scheduler channel state change code. Closes - ticket 33349. diff --git a/changes/ticket33366 b/changes/ticket33366 deleted file mode 100644 index 1310c493c2..0000000000 --- a/changes/ticket33366 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (compilation size): - - Most Server-side DNS code is now disabled when building without - support for relay mode. Closes ticket 33366. diff --git a/changes/ticket33368 b/changes/ticket33368 deleted file mode 100644 index ecc6f66f4e..0000000000 --- a/changes/ticket33368 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (client-only compilation): - - Disable more code related to the ext_orport protocol when compiling - without support for relay mode. Closes ticket 33368. diff --git a/changes/ticket33369 b/changes/ticket33369 deleted file mode 100644 index c55335c5b7..0000000000 --- a/changes/ticket33369 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation (manpage): - - Add cross reference links and a table of contents to the HTML - tor manpage. Closes ticket 33369. Work by Swati Thacker as - part of Google Season of Docs. diff --git a/changes/ticket33370 b/changes/ticket33370 deleted file mode 100644 index 41e03357f0..0000000000 --- a/changes/ticket33370 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (client-only compilation): - - Disable more of our self-testing code when support for relay mode is - disabled. Closes ticket 33370. diff --git a/changes/ticket33400 b/changes/ticket33400 deleted file mode 100644 index 7603890765..0000000000 --- a/changes/ticket33400 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (onion service v3): - - Log at INFO level why the service can not upload its descriptor(s). Closes - ticket 33400; bugfix on 0.3.2.1-alpha. diff --git a/changes/ticket33436 b/changes/ticket33436 deleted file mode 100644 index 69b5545c6d..0000000000 --- a/changes/ticket33436 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (directory authority, shared random): - - Refactor more authority-only parts of the shared-random scheduling code - to reside in the dirauth module, and to be disabled when compiling with - --disable-module-dirauth. Closes ticket 33436. diff --git a/changes/ticket33451 b/changes/ticket33451 deleted file mode 100644 index 74dd6d1ad8..0000000000 --- a/changes/ticket33451 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (developer tools): - - Add a script ("git-install-tools.sh") to install git hooks and helper - scripts. Closes ticket 33451. diff --git a/changes/ticket33458 b/changes/ticket33458 deleted file mode 100644 index 885c6dc505..0000000000 --- a/changes/ticket33458 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (onion service v3): - - When cleaning the client descriptor cache, an attempt at closing circuits - for a non decrypted descriptor (lacking client authorization) lead to an - assert(). Fixes bug 33458; bugfix on 0.4.2.1-alpha. diff --git a/changes/ticket33633 b/changes/ticket33633 deleted file mode 100644 index de030a6000..0000000000 --- a/changes/ticket33633 +++ /dev/null @@ -1,6 +0,0 @@ - o Code simplification and refactoring: - - Move the circuit extend code to the relay module. - Split the circuit extend function into smaller functions. - Closes ticket 33633. - - Move LOG_PROTOCOL_WARN to app/config.c. Resolves a dependency inversion. - Closes ticket 33633. diff --git a/changes/ticket33642 b/changes/ticket33642 deleted file mode 100644 index b81edf7613..0000000000 --- a/changes/ticket33642 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (developer tooling): - - Refrain from listing all .a files that are generated by Tor build in - .gitignore. Add a single wildcard *.a entry that covers all of them for - present and future. Closes ticket 33642. diff --git a/changes/ticket33679 b/changes/ticket33679 deleted file mode 100644 index d37842d065..0000000000 --- a/changes/ticket33679 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (IPv6 Support, address.c): - - Adds IPv6 support to tor_addr_is_valid(). Adds tests for the - above changes and tor_addr_is_null(). Closes ticket 33679. - Patch by MrSquanchee. diff --git a/changes/ticket33747 b/changes/ticket33747 deleted file mode 100644 index 57c72e9d0a..0000000000 --- a/changes/ticket33747 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (rate limiting, bridges, pluggable transports): - - On a bridge, treat all connections from an ExtORPort as remote - by default for the purposes of rate-limiting. Previously, - bridges would treat the connection as local unless they explicitly - received a "USERADDR" command. ExtORPort connections still - count as local if there is a USERADDR command with an explicit local - address. Fixes bug 33747; bugfix on 0.2.5.1-alpha. diff --git a/changes/ticket33778 b/changes/ticket33778 deleted file mode 100644 index a33c647a6e..0000000000 --- a/changes/ticket33778 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation (manpage): - - Updated the options set by TestingTorNetwork in the man page. - Closes ticket 33778. diff --git a/changes/ticket33779 b/changes/ticket33779 deleted file mode 100644 index d4bc769ebb..0000000000 --- a/changes/ticket33779 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion service, logging): - - Typo in a log info level when PublishHidServDescriptors is set to 0. - Fixes bug 33779; bugfix on 0.3.2.1-alpha. diff --git a/changes/ticket33788 b/changes/ticket33788 deleted file mode 100644 index 236c056623..0000000000 --- a/changes/ticket33788 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (code safety): - - Check for failures of tor_inet_ntop() and tor_inet_ntoa() functions in - DNS and IP address processing code and adjust codepaths to make them - less likely to crash entire Tor instance. Resolves issue 33788. diff --git a/changes/ticket33789 b/changes/ticket33789 deleted file mode 100644 index a7e69793e6..0000000000 --- a/changes/ticket33789 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring (relay address): - - Move a series of functions related to address resolving into their own - files. Closes ticket 33789. - diff --git a/changes/ticket33796 b/changes/ticket33796 deleted file mode 100644 index 9a98bf2d9a..0000000000 --- a/changes/ticket33796 +++ /dev/null @@ -1,7 +0,0 @@ - o Removed features (IPv6, revert): - - Revert the client port prefer IPv6 feature because it breaks the - torsocks use case. The SOCKS resolve command is lacking a mechanism to - ask for a specific address family (v4 or v6) thus prioritizing IPv6 when - an IPv4 address is asked on the resolve SOCKS interface resulting in a - failure. Tor Browser explicitly set PreferIPv6 so this should not affect - the majority of our users. Closes ticket 33796; bugfix on 0.4.4.1-alpha. diff --git a/changes/ticket33817 b/changes/ticket33817 deleted file mode 100644 index 9c22d084eb..0000000000 --- a/changes/ticket33817 +++ /dev/null @@ -1,12 +0,0 @@ - o Major features (IPv6, relay): - - Relays may extend circuits over IPv6, if the relay has an IPv6 ORPort, - and the client supplies the other relay's IPv6 ORPort in the EXTEND2 - cell. IPv6 extends will be used by the relay IPv6 ORPort self-tests in - 33222. Closes ticket 33817. - - Consider IPv6-only EXTEND2 cells valid on relays. Log a protocol warning - if the IPv4 or IPv6 address is an internal address, and internal - addresses are not allowed. But continue to use the other address, if it - is valid. Closes ticket 33817. - - If a relay can extend over IPv4 and IPv6, it chooses between them - uniformly at random. Closes ticket 33817. - - Re-use existing IPv6 connections for circuit extends. Closes ticket 33817. diff --git a/changes/ticket33873 b/changes/ticket33873 deleted file mode 100644 index c45191181a..0000000000 --- a/changes/ticket33873 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (SOCKS, onion service client): - - Also detect bad v3 onion service address of the wrong length when - returning the F6 ExtendedErrors code. Fixes bug 33873; bugfix on - 0.4.3.1-alpha. diff --git a/changes/ticket33880 b/changes/ticket33880 deleted file mode 100644 index c1889bb134..0000000000 --- a/changes/ticket33880 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (relay, usability): - - Adjust the rules for when to warn about having too many connections - to other relays. Previously we'd tolerate up to 1.5 connections - per relay on average. Now we tolerate more connections for directory - authorities, and raise the number of total connections we need - to see before we warn. Fixes bug 33880; bugfix on 0.3.1.1-alpha. diff --git a/changes/ticket33901 b/changes/ticket33901 deleted file mode 100644 index b824cc5b07..0000000000 --- a/changes/ticket33901 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (IPv6, relay): - - Allow clients and relays to send dual-stack and IPv6-only EXTEND2 cells. - Parse dual-stack and IPv6-only EXTEND2 cells on relays. - Closes ticket 33901. diff --git a/changes/ticket33956 b/changes/ticket33956 deleted file mode 100644 index 7ad802797d..0000000000 --- a/changes/ticket33956 +++ /dev/null @@ -1,5 +0,0 @@ - o Code simplification and refactoring: - - Define and use a new constant TOR_ADDRPORT_BUF_LEN which is like - TOR_ADDR_BUF_LEN but includes enough space for an IP address, - brackets, seperating colon, and port number. Closes ticket 33956. - Patch by Neel Chauhan. diff --git a/changes/ticket34087 b/changes/ticket34087 deleted file mode 100644 index 16990c305a..0000000000 --- a/changes/ticket34087 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (onion service v3 client): - - Remove a BUG() warning that can occur naturally. Fixes bug 34087; bugfix - on 0.3.2.1-alpha. diff --git a/changes/ticket34211 b/changes/ticket34211 deleted file mode 100644 index b454873abf..0000000000 --- a/changes/ticket34211 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (windows): - - Add support for console control signals like Ctrl+C in Windows - Closes ticket 34211. Patch from Damon Harris (TheDcoder). diff --git a/changes/ticket34255_043 b/changes/ticket34255_043 deleted file mode 100644 index 5cfec1d48d..0000000000 --- a/changes/ticket34255_043 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Fix several doxygen warnings related to imbalanced groups. - Closes ticket 34255. diff --git a/changes/ticket34382 b/changes/ticket34382 deleted file mode 100644 index 0bdfe22a5e..0000000000 --- a/changes/ticket34382 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (Linux seccomp2 sandbox, compilation): - - Allow Tor to build on platforms where it doesn't know how to - report which syscall had caused the linux seccomp2 sandbox - to fail. This change should make the sandbox code more portable - to less common Linux architectures. - Closes ticket 34382. diff --git a/changes/ticket40003 b/changes/ticket40003 deleted file mode 100644 index 240f464353..0000000000 --- a/changes/ticket40003 +++ /dev/null @@ -1,3 +0,0 @@ - o Deprecated features (onion service v2): - - Add deprecation warning for onion service version 2. Tor now logs a - warning once if a version 2 service is configured. Closes ticket 40003. diff --git a/changes/ticket40005 b/changes/ticket40005 deleted file mode 100644 index 12727e0a06..0000000000 --- a/changes/ticket40005 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (control port, onion service): - - Consistently use 'address' in "Invalid v3 address" response to - ONION_CLIENT_AUTH commands. Fixes bug 40005; bugfix on 0.4.3.1-alpha. diff --git a/changes/ticket40026 b/changes/ticket40026 deleted file mode 100644 index f87c2964e0..0000000000 --- a/changes/ticket40026 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (CI, Windows): - - Don't use stdio 64 bit printf format when compiling with MINGW on - Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha. diff --git a/changes/ticket40030 b/changes/ticket40030 deleted file mode 100644 index c5f3ca4ff9..0000000000 --- a/changes/ticket40030 +++ /dev/null @@ -1,7 +0,0 @@ - o Removed features: - - Our "check-local" test target no longer tries to use the Coccinelle - semantic patching tool parse all the C files. While it is a good idea - to try to make sure Coccinelle works on our C before we run a - Coccinelle patch, doing so on every test run has proven to be disruptive. - You can still run this tool manually with "make check-cocci". Closes - ticket 40030. diff --git a/changes/ticket40035 b/changes/ticket40035 deleted file mode 100644 index 8cdd447199..0000000000 --- a/changes/ticket40035 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (NSS): - - When running with NSS enabled, make sure that NSS knows to expect - nonblocking sockets. Previously, we set our TCP sockets as blocking, - but did not tell NSS about the fact, which in turn could lead to - unexpected blocking behavior. Fixes bug 40035; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40061 b/changes/ticket40061 deleted file mode 100644 index 227664d010..0000000000 --- a/changes/ticket40061 +++ /dev/null @@ -1,5 +0,0 @@ - o Major feature (fallback directory list): - - Replace the 148 fallback directories originally included in - Tor 0.4.1.4-rc (of which around 105 are still functional) with - a list of 144 fallbacks generated in July 2020. - Closes ticket 40061. diff --git a/changes/ticket40073 b/changes/ticket40073 deleted file mode 100644 index 30b028c042..0000000000 --- a/changes/ticket40073 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (relay configuration, crash): - - Avoid a fatal assert() when failing to create a listener connection for an - address that was in use. Fixes bug 40073; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40081 b/changes/ticket40081 deleted file mode 100644 index 683ae33518..0000000000 --- a/changes/ticket40081 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (security): - - Channels using obsolete versions of the Tor link protocol are no - longer allowed to circumvent address-canonicity checks. - (This is only a minor issue, since such channels have no way to - set ed25519 keys, and therefore should always be rejected.) - Closes ticket 40081. diff --git a/changes/ticket40089 b/changes/ticket40089 deleted file mode 100644 index 121e8e9820..0000000000 --- a/changes/ticket40089 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (control port): - - If a ClientName was specified in ONION_CLIENT_AUTH_ADD for an - onion service, display it when we use ONION_CLIENT_AUTH_VIEW - on it. Closes ticket 40089. Patch by Neel Chauhan. diff --git a/changes/ticket40109 b/changes/ticket40109 deleted file mode 100644 index d99db65aa4..0000000000 --- a/changes/ticket40109 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (onion services, DoS): - - The consensus parameters for the onion service DoS defenses was - overwriting the circuit parameters that could have been set by the service - operator using HiddenServiceEnableIntroDoSDefense. Fixes bug 40109; bugfix - on 0.4.2.1-alpha. - diff --git a/changes/ticket40125 b/changes/ticket40125 deleted file mode 100644 index c68e3ce7b3..0000000000 --- a/changes/ticket40125 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing (onion service v2): - - Fix a rendezvous cache unit test that was triggering an underflow on the - global rend cache allocation. Fixes bug 40125; bugfix on - 0.2.8.1-alpha. diff --git a/changes/ticket40126 b/changes/ticket40126 deleted file mode 100644 index 1f5806e6cb..0000000000 --- a/changes/ticket40126 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing (onion service v2): - - Fix another rendezvous cache unit test that was triggering an underflow on the - global rend cache allocation. Fixes bug 40126; bugfix on - 0.2.8.1-alpha. diff --git a/changes/ticket40133 b/changes/ticket40133 deleted file mode 100644 index 8bbe00b6b2..0000000000 --- a/changes/ticket40133 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (protocol simplification): - - Tor no longer allows subprotocol versions larger than 63. Previously - versions up to UINT32_MAX were allowed, which significantly complicated - our code. - Implements proposal 318; closes ticket 40133. diff --git a/changes/ticket40135 b/changes/ticket40135 deleted file mode 100644 index 9b60b4f655..0000000000 --- a/changes/ticket40135 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (logging): - - Remove a debug logging statement that uselessly spam the logs. Fixes bug - 40135; bugfix on 0.3.5.0-alpha. diff --git a/changes/ticket40162 b/changes/ticket40162 deleted file mode 100644 index 093042f9af..0000000000 --- a/changes/ticket40162 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (authorities): - - Authorities now list a different set of protocols as required and - recommended. These lists are chosen so that only truly recommended - and/or required protocols are included, and so that clients using 0.2.9 - or later will continue to work (even though they are not supported), - whereas only relays running 0.3.5 or later will meet the requirements. - Closes ticket 40162. diff --git a/changes/ticket40164 b/changes/ticket40164 deleted file mode 100644 index c96118d0a4..0000000000 --- a/changes/ticket40164 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (directory authority): - - Make it possible to specify multiple ConsensusParams torrc lines. - Now directory authority operators can for example put the main - ConsensusParams config in one torrc file and then add to it from - a different torrc file. Closes ticket 40164. - diff --git a/changes/ticket40165 b/changes/ticket40165 deleted file mode 100644 index a8dd0a339b..0000000000 --- a/changes/ticket40165 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (compilation): - - Disable deprecation warnings when building with OpenSSL 3.0.0 or later. - There are a number of newly deprecated APIs in OpenSSL 3.0.0 that Tor - still requires. (A later version of Tor will try to stop depending on - these.) Closes ticket 40165. diff --git a/changes/ticket40170 b/changes/ticket40170 deleted file mode 100644 index cc1c8dbad1..0000000000 --- a/changes/ticket40170 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (tests): - - Fix the "tortls/openssl/log_one_error" test to work with OpenSSL 3.0.0. - Fixes bug 40170; bugfix on 0.2.8.1-alpha. diff --git a/changes/ticket40227 b/changes/ticket40227 deleted file mode 100644 index e5efad0f95..0000000000 --- a/changes/ticket40227 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor feature (build system): - - New "make lsp" command to auto generate the compile_commands.json file - used by the ccls server. The "bear" program is needed for this. Closes - ticket 40227. diff --git a/changes/ticket40237 b/changes/ticket40237 deleted file mode 100644 index fc32f59cd4..0000000000 --- a/changes/ticket40237 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (onion service v3): - - Stop requiring a live consensus for v3 clients and services to work. The - use of a reasonably live consensus will allow v3 to work properly in most - cases if the network failed to generate a consensus for more than 2 hours - in a row. Fixes bug 40237; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40265 b/changes/ticket40265 deleted file mode 100644 index 2a346d64c3..0000000000 --- a/changes/ticket40265 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (fallback directory): - - Renegerate the list to a new set of 200 relays acting as fallback - directories. Closes ticket 40265. diff --git a/changes/ticket40286_minimal b/changes/ticket40286_minimal deleted file mode 100644 index 6a04ca79eb..0000000000 --- a/changes/ticket40286_minimal +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security, denial of service): - - Disable the dump_desc() function that we used to dump unparseable - information to disk. It was called incorrectly in several places, - in a way that could lead to excessive CPU usage. Fixes bug 40286; - bugfix on 0.2.2.1-alpha. This bug is also tracked as - TROVE-2021-001 and CVE-2021-28089. diff --git a/changes/ticket40309 b/changes/ticket40309 deleted file mode 100644 index 087ac36a4f..0000000000 --- a/changes/ticket40309 +++ /dev/null @@ -1,3 +0,0 @@ - o New system requirements (mallinfo() deprecated): - - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. Closes - ticket 40309. diff --git a/changes/ticket40345 b/changes/ticket40345 deleted file mode 100644 index 246e4a86af..0000000000 --- a/changes/ticket40345 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (channel, DoS): - - Fix a possible non fatal assertion BUG() due to a too early free of a - string when noting down the client connection for the DoS defenses - subsystem. Fixes bug 40345; bugfix on 0.4.3.4-rc - diff --git a/changes/ticket40389 b/changes/ticket40389 deleted file mode 100644 index 7dcf65b32e..0000000000 --- a/changes/ticket40389 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (relay, TROVE): - - Don't allow entry or middle relays to spoof RELAY_END or RELAY_RESOLVED - cell on half-closed streams. Fixes bug 40389; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40390 b/changes/ticket40390 deleted file mode 100644 index b56fa4d9da..0000000000 --- a/changes/ticket40390 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (security, defense-in-depth): - - Detect a wider variety of failure conditions from the OpenSSL RNG - code. Previously, we would detect errors from a missing RNG - implementation, but not failures from the RNG code itself. - Fortunately, it appears those failures do not happen in practice - when Tor is using OpenSSL's default RNG implementation. - Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as - TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. diff --git a/changes/ticket6198 b/changes/ticket6198 deleted file mode 100644 index 7f3fdf2fa7..0000000000 --- a/changes/ticket6198 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (defense in depth): - - Wipe more data from connection address fields before returning them to - the memory heap. Closes ticket 6198. |