diff options
Diffstat (limited to 'changes')
140 files changed, 134 insertions, 502 deletions
diff --git a/changes/40241 b/changes/40241 deleted file mode 100644 index c9b2e2c011..0000000000 --- a/changes/40241 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a compilation warning about unreachable fallthrough annotations - when building with "--enable-all-bugs-are-fatal" on some compilers. - Fixes bug 40241; bugfix on 0.3.5.4-alpha. diff --git a/changes/40241_v2 b/changes/40241_v2 deleted file mode 100644 index 85038297f7..0000000000 --- a/changes/40241_v2 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Fix another warning about unreachable fallthrough annotations - when building with "--enable-all-bugs-are-fatal" on some compilers. - Fixes bug 40241; bugfix on 0.4.5.3-rc. diff --git a/changes/autoconf-2.70 b/changes/autoconf-2.70 deleted file mode 100644 index 27a9f243b1..0000000000 --- a/changes/autoconf-2.70 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (compilation): - - Make the autoconf script build correctly with autoconf versions 2.70 - and later. Closes part of ticket 40335. diff --git a/changes/bug24857 b/changes/bug24857 deleted file mode 100644 index ea9c763332..0000000000 --- a/changes/bug24857 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (directory cache, performance, windows): - - Limit the number of items in the consensus diff cache to 64 on Windows. - We hope this will resolve an issue where Windows relay operators reported - Tor using 100% CPU while we investigate better solutions. Fixes bug 24857; - bugfix on 0.3.1.1-alpha. - diff --git a/changes/bug30187 b/changes/bug30187 deleted file mode 100644 index 2a3358d6be..0000000000 --- a/changes/bug30187 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (relay, windows): - - Fix bug where running a relay on Windows would use 100% - CPU after some time. Makes Windows >= Vista the required - Windows version to build and run tor. Fixes bug 30187; - bugfix on 0.4.5.1-alpha. Patch by Daniel Pinto. diff --git a/changes/bug32666 b/changes/bug32666 deleted file mode 100644 index d487b22148..0000000000 --- a/changes/bug32666 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion services): - - Avoid a non-fatal assertion in certain edge-cases when establishing a - circuit to onion service. Fixes bug 32666; bugfix on 0.3.0.3-alpha. diff --git a/changes/bug32880 b/changes/bug32880 deleted file mode 100644 index a25cabb7dc..0000000000 --- a/changes/bug32880 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (circuit, handshake): - - In the v3 handshaking code, Use connection_or_change_state() to change - the state. Previously, we changed the state directly, but this did not - pass a state change to the pubsub or channel object. Fixes bug 32880; - bugfix on 0.2.3.6-alpha. Patch by Neel Chauhan. diff --git a/changes/bug40015 b/changes/bug40015 deleted file mode 100644 index 1d190df751..0000000000 --- a/changes/bug40015 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (crash, relay, signing key): - - Avoid asserts when we run Tor from the command line with - `--key-expiration sign` when an ORPort is not set. Fixes - bug 40015; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan. diff --git a/changes/bug40017 b/changes/bug40017 deleted file mode 100644 index 3f5c2da968..0000000000 --- a/changes/bug40017 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (protocol, proxy support, defense in depth): - - Respond more deliberately to misbehaving proxies that leave leftover - data on their connections, so as to be even less likely as to allow - them to pass their data off as having come from a relay. - Closes ticket 40017. diff --git a/changes/bug40078 b/changes/bug40078 deleted file mode 100644 index 717309e076..0000000000 --- a/changes/bug40078 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (crypto): - - Disable the unused batch verification feature of ed25519-donna. Fixes - bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence.
\ No newline at end of file diff --git a/changes/bug40172 b/changes/bug40172 deleted file mode 100644 index a73fcb39a3..0000000000 --- a/changes/bug40172 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a compilation issue in which the correct 'ranlib' program was not - used when building libtor.a. Fixes bug 40172; bugfix on 0.4.5.1-alpha. diff --git a/changes/bug40175 b/changes/bug40175 deleted file mode 100644 index aa2ce9566f..0000000000 --- a/changes/bug40175 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (logging, diagnostic): - - Log decompression failures at a higher severity level, since they - can help provide missing context for other warning messages. - We rate-limit these messages, to avoid flooding the logs if they - begin to occur frequently. Closes ticket 40175. diff --git a/changes/bug40177 b/changes/bug40177 deleted file mode 100644 index b08be64e47..0000000000 --- a/changes/bug40177 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Remove a duplicate typedef in metrics_store.c. Fixes bug 40177; - bugfix on 0.4.5.1-alpha. diff --git a/changes/bug40179_part1 b/changes/bug40179_part1 deleted file mode 100644 index c302373534..0000000000 --- a/changes/bug40179_part1 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing, portability): - - Fix our Python reference-implementation for the v3 onion service - handshake so that it works correctly with the version of hashlib provided - by Python 3.9. Fixes part of bug 40179; bugfix on 0.3.1.6-rc. diff --git a/changes/bug40179_part2 b/changes/bug40179_part2 deleted file mode 100644 index 15dc861321..0000000000 --- a/changes/bug40179_part2 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Fix the config/parse_tcp_proxy_line test so that it works correctly on - systems where the DNS provider hijacks invalid queries. - Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. diff --git a/changes/bug40187 b/changes/bug40187 deleted file mode 100644 index 563e4b4d76..0000000000 --- a/changes/bug40187 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing): - - Fix unit tests that used newly generated list of routers so that they - check them with respect to the date when they were generated, not - with respect to the current time. Fixes bug 40187; bugfix on - 0.4.5.1-alpha. diff --git a/changes/bug40190 b/changes/bug40190 deleted file mode 100644 index 0f3d6941dc..0000000000 --- a/changes/bug40190 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (SOCKS5): - - Handle partial socks5 messages correctly. Previously, our code would - send an incorrect error message if it got a socks5 request that wasn't - complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug40210 b/changes/bug40210 deleted file mode 100644 index f492262a11..0000000000 --- a/changes/bug40210 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (crypto): - - Fix undefined behavior on our Keccak library. The bug only appears on - platforms with 32-byte CPU cache lines (e.g. armv5tel) and would result - in wrong digests. Fixes bug 40210; bugfix on 0.2.8.1-alpha. Thanks to - Bernhard Ãœbelacker, Arnd Bergmann and weasel for diagnosing this. diff --git a/changes/bug40238 b/changes/bug40238 deleted file mode 100644 index 35784a16bb..0000000000 --- a/changes/bug40238 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging): - - Reject obsolete router/extrainfo descs earlier and more quietly. - Fixes bug 40238; bugfix on 0.4.5.1-alpha.
\ No newline at end of file diff --git a/changes/bug40256_045 b/changes/bug40256_045 deleted file mode 100644 index 14e67659e0..0000000000 --- a/changes/bug40256_045 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (documentation): - - Fix a formatting error on the documentation for - VirtualAddrNetworkIPv6. Fixes bug 40256; bugfix on 0.2.9.4-alpha. diff --git a/changes/bug40281 b/changes/bug40281 deleted file mode 100644 index 0708039f04..0000000000 --- a/changes/bug40281 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (logging): - - Avoid a spurious log message about missing subprotocol versions, when - the consensus that we're reading from is older than the current - release. . Previously we had made this message nonfatal in this case, - but in practice, it is never relevant when the consensus is older than - the current release. Fixes bug 40281; bugfix on 0.4.0.1-alpha. diff --git a/changes/bug40285_045 b/changes/bug40285_045 deleted file mode 100644 index db4f73cde0..0000000000 --- a/changes/bug40285_045 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (controller): - - Fix a "BUG" warning that would appear when a controller chooses the - first hop for a circuit, and that circuit completes. Fixes - bug 40285; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug40287 b/changes/bug40287 deleted file mode 100644 index 5a9c899d52..0000000000 --- a/changes/bug40287 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (directory authority): - - Now that exit relays don't allow exit connections to directory authority - DirPorts (network reentry), disable authorities' reachability self test - on the DirPort. Fixes bug 40287; bugfix on 0.4.5.5-rc. diff --git a/changes/bug40298 b/changes/bug40298 deleted file mode 100644 index 8b8b0bbc12..0000000000 --- a/changes/bug40298 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (portability): - - Fix a non-portable usage of "==" with "test" in the configure script. - Fixes bug 40298; bugfix on 0.4.5.1-alpha. diff --git a/changes/bug40315 b/changes/bug40315 deleted file mode 100644 index 9e9c740d96..0000000000 --- a/changes/bug40315 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (Linux, relay): - - Fix a bug in determining total available system memory that would have - been triggered if the format of /proc/meminfo had ever changed - to include "MemTotal:" in the middle of a line. Fixes bug 40315; - bugfix on 0.2.5.4-alpha. diff --git a/changes/bug40316 b/changes/bug40316 deleted file mode 100644 index cd275b5c9c..0000000000 --- a/changes/bug40316 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, denial of service): - - Fix a bug in appending detached signatures to a pending consensus - document that could be used to crash a directory authority. - Fixes bug 40316; bugfix on 0.2.2.6-alpha. Tracked as - TROVE-2021-002 and CVE-2021-28090. diff --git a/changes/bug40317 b/changes/bug40317 deleted file mode 100644 index 18ec499a51..0000000000 --- a/changes/bug40317 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (control, sandbox): - - Allows the control command SAVECONF to succeed when the seccomp - sandbox is enabled. Makes SAVECONF keep only one backup file to - simplify implementation. Fixes bug 40317; bugfix on 0.2.5.4-alpha. - Patch by Daniel Pinto. diff --git a/changes/bug40318 b/changes/bug40318 deleted file mode 100644 index cc02f08ca0..0000000000 --- a/changes/bug40318 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (configuration tests bsd): - - Fix glob processing errors when globs expand to invalid paths on - BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by - Daniel Pinto. diff --git a/changes/bug40371 b/changes/bug40371 deleted file mode 100644 index 8cc7117f9f..0000000000 --- a/changes/bug40371 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (compatibility): - - Fix compatibility with the most recent Libevent versions, which - no longer have an evdns_set_random_bytes() function. Because - this function has been a no-op since Libevent 2.0.4-alpha, - it is safe for us to just stop calling it. Fixes bug 40371; - bugfix on 0.2.1.7-alpha. diff --git a/changes/bug40375 b/changes/bug40375 deleted file mode 100644 index 7ac32bc628..0000000000 --- a/changes/bug40375 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (consensus handling): - - Avoid a set of bugs that could be caused by inconsistently preferring - an out-of-date consensus stored in a stale directory cache over - a more recent one stored on disk as the latest consensus. - Fixes bug 40375; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug40380 b/changes/bug40380 deleted file mode 100644 index 24d2876b7d..0000000000 --- a/changes/bug40380 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compiler warnings): - - Fix an indentation problem that led to a warning from GCC 11.1.1. - Fixes bug 40380; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug40383 b/changes/bug40383 deleted file mode 100644 index c4ca46fac7..0000000000 --- a/changes/bug40383 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (timekeeping): - - Calculate the time of day correctly on systems where the time_t - type includes leap seconds. (This is not the case on most - operating systems, but on those where it occurs, our tor_timegm - function did not correctly invert the system's gmtime function, - which could result in assertion failures when calculating - voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha. diff --git a/changes/bug40391 b/changes/bug40391 deleted file mode 100644 index e3c186275f..0000000000 --- a/changes/bug40391 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (security): - - Resist a hashtable-based CPU denial-of-service attack against - relays. Previously we used a naive unkeyed hash function to look up - circuits in a circuitmux object. An attacker could exploit this to - construct circuits with chosen circuit IDs in order to try to create - collisions and make the hash table inefficient. Now we use a SipHash - construction for this hash table instead. Fixes bug 40391; bugfix on - 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005. - Reported by Jann Horn from Google's Project Zero. diff --git a/changes/bug40392 b/changes/bug40392 deleted file mode 100644 index 4dffa50bb2..0000000000 --- a/changes/bug40392 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (security, denial of service, onion services): - - Fix an out-of-bounds memory access in v3 descriptor parsing. Fixes bug - 40392; bugfix on 0.3.0.1-alpha. This issue is also tracked as - TROVE-2021-006. Reported by Sergei Glazunov from Google's Project Zero.
\ No newline at end of file diff --git a/changes/bug40399 b/changes/bug40399 deleted file mode 100644 index 7954b85eaf..0000000000 --- a/changes/bug40399 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (compatibility): - - Remove an assertion function related to TLS renegotiation. - It was used nowhere outside the unit tests, and it was breaking - compilation with recent alpha releases of OpenSSL 3.0.0. - Closes ticket 40399. diff --git a/changes/bug40409 b/changes/bug40409 deleted file mode 100644 index b8d061be78..0000000000 --- a/changes/bug40409 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (warnings, portability): - - Suppress a strict-prototype warning when building with some versions - of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug40429 b/changes/bug40429 deleted file mode 100644 index 9bf3b63818..0000000000 --- a/changes/bug40429 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation): - - Fix our configuration logic to detect whether we had OpenSSL 3: - previously, our logic was reversed. This has no other effect than to - change whether we suppress deprecated API warnings. Fixes - bug 40429; bugfix on 0.3.5.13. diff --git a/changes/bug40472 b/changes/bug40472 deleted file mode 100644 index d87c1dc2cc..0000000000 --- a/changes/bug40472 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (performance, DoS): - - Fix one case of a not-especially viable denial-of-service attack found - by OSS-Fuzz in our consensus-diff parsing code. This attack causes a - lot small of memory allocations and then immediately frees them: this - is only slow when running with all the sanitizers enabled. Fixes one - case of bug 40472; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug40515 b/changes/bug40515 deleted file mode 100644 index d315e28411..0000000000 --- a/changes/bug40515 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (controller, path bias): - - When a circuit's path is specified, in full or in part, from the - controller API, do not count that circuit towards our path-bias - calculations. (Doing so was incorrect, since we cannot tell whether - the controller is selecting relays randomly.) Resolves a "Bug" - warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha. diff --git a/changes/bug40639 b/changes/bug40639 new file mode 100644 index 0000000000..d975e9ad22 --- /dev/null +++ b/changes/bug40639 @@ -0,0 +1,5 @@ + o Major bugfixes (vanguards): + - We had omitted some checks for whether our vanguards (second layer + guards from proposal 333) overlapped. Now make sure to pick each + of them to be independent. Also, change the design to allow them to + come from the same family. Fixes bug 40639; bugfix on 0.4.7.1-alpha. diff --git a/changes/bug40642 b/changes/bug40642 new file mode 100644 index 0000000000..f50d87e031 --- /dev/null +++ b/changes/bug40642 @@ -0,0 +1,9 @@ + o Major bugfixes (congestion control): + - Implement RFC3742 Limited Slow Start. Congestion control was + overshooting the congestion window during slow start, particularly for + onion service activity. With this fix, we now update the congestion + window more often during slow start, as well as dampen the exponential + growth when the congestion window grows above a capping parameter. + This should reduce the memory increases guard relays were seeing, as + well as allow us to set lower queue limits to defend against + ongoing DoS attacks. Fixes bug 40642; bugfix on 0.4.7.5-alpha. diff --git a/changes/bug40644 b/changes/bug40644 new file mode 100644 index 0000000000..a27c63ede2 --- /dev/null +++ b/changes/bug40644 @@ -0,0 +1,8 @@ + o Minor bugfixes (congestion control): + - Add a check for an integer underflow condition that might + happen in cases where the system clock is stopped, the + ORconn is blocked, and the endpoint sends more than a + congestion window worth of non-data control cells at once. + This would cause a large congestion window to be calculated + instead of a small one. No security impact. Fixes bug 40644; + bugfix on 0.4.7.5-alpha. diff --git a/changes/bug40673 b/changes/bug40673 new file mode 100644 index 0000000000..1bbf42649b --- /dev/null +++ b/changes/bug40673 @@ -0,0 +1,7 @@ + o Minor bugfixes (relay overload statistics): + - Count total create cells vs dropped create cells properly, when + assessing if our fraction of dropped cells is too high. We only + count non-client circuits in the denominator, but we would include + client circuits in the numerator, leading to surprising log lines + claiming that we had dropped more than 100% of incoming create + cells. Fixes bug 40673; bugfix on 0.4.7.1-alpha. diff --git a/changes/bug40698 b/changes/bug40698 new file mode 100644 index 0000000000..98ddd4f968 --- /dev/null +++ b/changes/bug40698 @@ -0,0 +1,11 @@ + o Minor bugfixes (dirauth): + - Directory authorities stop voting a consensus "Measured" weight + for relays with the Authority flag. Now these relays will be + considered unmeasured, which should reserve their bandwidth + for their dir auth role and minimize distractions from other + roles. In place of the "Measured" weight, they now include a + "MeasuredButAuthority" weight (not used by anything) so the + bandwidth authority's opinion on this relay can be recorded for + posterity. Lastly, remove the AuthDirDontVoteOnDirAuthBandwidth + torrc option which never worked right. Fixes bugs 40698 and 40700; + bugfix on 0.4.7.2-alpha. diff --git a/changes/bug40732 b/changes/bug40732 new file mode 100644 index 0000000000..f2388e7e8d --- /dev/null +++ b/changes/bug40732 @@ -0,0 +1,7 @@ + o Major bugfixes (congestion control): + - Avoid incrementing the congestion window when the window is not + fully in use. Thia prevents overshoot in cases where long periods + of low activity would allow our congestion window to grow, and + then get followed by a burst, which would cause queue overload. + Also improve the increment checks for RFC3742. Fixes bug 40732; + bugfix on 0.4.7.5-alpha. diff --git a/changes/clone3-sandbox b/changes/clone3-sandbox deleted file mode 100644 index dac8fe72da..0000000000 --- a/changes/clone3-sandbox +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (linux seccomp2 sandbox): - - Permit the clone3 syscall, which is apparently used in glibc-2.34 and - later. Closes ticket 40590. diff --git a/changes/fallbackdirs-2021-12-15 b/changes/fallbackdirs-2021-12-15 deleted file mode 100644 index ce08cef5cb..0000000000 --- a/changes/fallbackdirs-2021-12-15 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on December 15, 2021. diff --git a/changes/fallbackdirs-2022-02-04 b/changes/fallbackdirs-2022-02-04 deleted file mode 100644 index 3d4ec28fe9..0000000000 --- a/changes/fallbackdirs-2022-02-04 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on February 04, 2022. diff --git a/changes/fallbackdirs-2022-11-10 b/changes/fallbackdirs-2022-11-10 new file mode 100644 index 0000000000..64df9c5f10 --- /dev/null +++ b/changes/fallbackdirs-2022-11-10 @@ -0,0 +1,2 @@ + o Minor features (fallbackdir): + - Regenerate fallback directories generated on November 10, 2022. diff --git a/changes/geoip-2021-03-12 b/changes/geoip-2021-03-12 deleted file mode 100644 index 01c1b0f162..0000000000 --- a/changes/geoip-2021-03-12 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features (geoip data): - - We have switched geoip data sources. Previously we shipped - IP-to-country mappings from Maxmind's GeoLite2, but in 2019 they - changed their licensing term, so we were unable to update them after - that point. We now ship geoip files based on the IPFire Location - Database instead. (See https://location.ipfire.org/ for more - information). This release updates our geoip files to match the - IPFire Location Database as retrieved on 2021/03/12. Closes - ticket 40224. diff --git a/changes/geoip-2021-05-07 b/changes/geoip-2021-05-07 deleted file mode 100644 index 07bf12c4d8..0000000000 --- a/changes/geoip-2021-05-07 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2021/05/07. diff --git a/changes/geoip-2021-06-10 b/changes/geoip-2021-06-10 deleted file mode 100644 index 2b798012c8..0000000000 --- a/changes/geoip-2021-06-10 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2021/06/10. diff --git a/changes/geoip-2021-08-12 b/changes/geoip-2021-08-12 deleted file mode 100644 index 59afcc5bb7..0000000000 --- a/changes/geoip-2021-08-12 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2021/08/12. diff --git a/changes/geoip-2021-12-15 b/changes/geoip-2021-12-15 deleted file mode 100644 index 5123557138..0000000000 --- a/changes/geoip-2021-12-15 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2021/12/15. diff --git a/changes/geoip-2022-02-04 b/changes/geoip-2022-02-04 deleted file mode 100644 index 41921da85f..0000000000 --- a/changes/geoip-2022-02-04 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2022/02/04. diff --git a/changes/geoip-2021-04-13 b/changes/geoip-2022-11-10 index db21a1c037..dce05f50c4 100644 --- a/changes/geoip-2021-04-13 +++ b/changes/geoip-2022-11-10 @@ -1,3 +1,3 @@ o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, - as retrieved on 2021/04/13. + as retrieved on 2022/11/10. diff --git a/changes/ip_bind_address_no_port b/changes/ip_bind_address_no_port new file mode 100644 index 0000000000..9c4f712a9e --- /dev/null +++ b/changes/ip_bind_address_no_port @@ -0,0 +1,5 @@ + o Minor features (relays): + - Set the Linux-specific IP_BIND_ADDRESS_NO_PORT option on outgoing + sockets, allowing relays using OutboundBindAddress to make more outgoing + connections than ephemeral ports, as long as they are to separate + destinations. Related to issue 40597; patch by Alex Xu (Hello71). diff --git a/changes/issue40613 b/changes/issue40613 new file mode 100644 index 0000000000..76434beba2 --- /dev/null +++ b/changes/issue40613 @@ -0,0 +1,3 @@ + o Code simplifications and refactoring: + - Rely on actual error returned by the kernel when choosing what resource + exhaustion to log. Fixes issue 40613; Fix on tor-0.4.6.1-alpha. diff --git a/changes/ticket18888 b/changes/ticket18888 deleted file mode 100644 index 279eab76ad..0000000000 --- a/changes/ticket18888 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (safety): - - Log a warning at startup if Tor is built with compile-time options that - are likely to make it less stable or reliable. Closes ticket 18888. diff --git a/changes/ticket22473 b/changes/ticket22473 deleted file mode 100644 index c7496f9da7..0000000000 --- a/changes/ticket22473 +++ /dev/null @@ -1,3 +0,0 @@ - o Removed features (controller): - - Remove the "GETINFO network-status" controller command. It has - been deprecated since 0.3.1.1-alpha. Closes ticket 22473. diff --git a/changes/ticket25528 b/changes/ticket25528 deleted file mode 100644 index cfc6c91fb7..0000000000 --- a/changes/ticket25528 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (client, bridge, configuration): - - Exit tor on a misconfiguration when the Bridge line has a transport but - no corresponding ClientTransportPlugin can be found. Prior to this fix, - tor would attempt to connect to the bridge directly without using the - transport leading to a possible leak on the wire. Fixes bug 25528; - bugfix on 0.2.6.1-alpha. diff --git a/changes/ticket26299 b/changes/ticket26299 deleted file mode 100644 index 6b08adf53c..0000000000 --- a/changes/ticket26299 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (reproducible build): - - The repository can now build reproducible tarballs which adds the build - command "make dist-reprod" for that purpose. Closes ticket 26299. diff --git a/changes/ticket2667 b/changes/ticket2667 deleted file mode 100644 index cc42286ef9..0000000000 --- a/changes/ticket2667 +++ /dev/null @@ -1,4 +0,0 @@ - o Major feature (exit): - - Re-entry into the network is now denied at the Exit level to all relays' - ORPort and authorities' ORPort+DirPort. This is to help mitigate a series - of attacks. See ticket for more information. Closes ticket 2667. diff --git a/changes/ticket30477 b/changes/ticket30477 deleted file mode 100644 index 379fc4e7eb..0000000000 --- a/changes/ticket30477 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (bridge): - - We now announce the URL to Tor's new bridge status at - https://bridges.torproject.org/ when Tor is configured to run as a bridge - relay. Closes ticket 30477. diff --git a/changes/ticket32178 b/changes/ticket32178 deleted file mode 100644 index c13e490cb0..0000000000 --- a/changes/ticket32178 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging): - - Remove trailing whitespaces from control event log messages. Fixes bug - 32178; bugfix on 0.1.1.1-alpha. Based on a patch by Amadeusz Pawlik. diff --git a/changes/ticket33624 b/changes/ticket33624 deleted file mode 100644 index eded3b4dee..0000000000 --- a/changes/ticket33624 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (configure, static build): - - Change our search library configure macro linker flag order so it works - for certain compilers that need the right order. Fixes bug 33624; bugfix - on 0.1.1.0-alpha. - diff --git a/changes/ticket40071 b/changes/ticket40071 deleted file mode 100644 index 1e294a68e7..0000000000 --- a/changes/ticket40071 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (relay, address): - - Don't trigger an IP change if no new valid IP can be found. Fixes bug - 40071; bugfix on 0.4.5.1-alpha. - - When attempting to discover our IP, don't launch a descriptor fetch - anymore but rather a simple test circuit since the address discovery is - through the NETINFO cell now from the authorities. Fixes bug 40071; bugfix - on 0.4.5.1-alpha. diff --git a/changes/ticket40106 b/changes/ticket40106 deleted file mode 100644 index 3f344d478f..0000000000 --- a/changes/ticket40106 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (config, bridge): - - Don't initiate a connection to a bridge without a corresponding - transport. Fixes bug 40106; bugfix on 0.4.5.1-alpha. - - This also reverts an earlier fix we did for this that would validate - configuration to avoid such situation but turns out it wouldn't work for - a DisableNetwork thus the new approach. diff --git a/changes/ticket40111 b/changes/ticket40111 deleted file mode 100644 index a82ca0d489..0000000000 --- a/changes/ticket40111 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (configure, build): - - Fix the --enable-static-tor switch to properly set the -static compile - option onto the tor binary only. Fixes bug 40111; bugfix on - 0.2.3.1-alpha. - - Path to static libevent has been fixed as well which affects the - --enable-static-libevent to behave correctly now. The .a file is in - .libs/ of libevent repository, not at the root. diff --git a/changes/ticket40142 b/changes/ticket40142 deleted file mode 100644 index 25a96b3df3..0000000000 --- a/changes/ticket40142 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging, flow control): - - Turn a SENDME failure log warning into a debug. It can actually happen - naturally. Fixes bug 40142; bugfix on 0.4.1.1-alpha. diff --git a/changes/ticket40165 b/changes/ticket40165 deleted file mode 100644 index a8dd0a339b..0000000000 --- a/changes/ticket40165 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (compilation): - - Disable deprecation warnings when building with OpenSSL 3.0.0 or later. - There are a number of newly deprecated APIs in OpenSSL 3.0.0 that Tor - still requires. (A later version of Tor will try to stop depending on - these.) Closes ticket 40165. diff --git a/changes/ticket40170 b/changes/ticket40170 deleted file mode 100644 index cc1c8dbad1..0000000000 --- a/changes/ticket40170 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (tests): - - Fix the "tortls/openssl/log_one_error" test to work with OpenSSL 3.0.0. - Fixes bug 40170; bugfix on 0.2.8.1-alpha. diff --git a/changes/ticket40174 b/changes/ticket40174 deleted file mode 100644 index 869a2756f4..0000000000 --- a/changes/ticket40174 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (configure, build): - - With USDT tracing enabled, if STAP_PROBEV() is missing, don't attempt to - build. Linux supports that macro but not the BSDs. Fixes bug 40174; bugfix - on 0.4.5.1-alpha. diff --git a/changes/ticket40183 b/changes/ticket40183 deleted file mode 100644 index 3c4bdf21e2..0000000000 --- a/changes/ticket40183 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (port configuration): - - Second non ORPort of a different family (ex: SocksPort [::1]:9050) was - ignored due to a logical configuration parsing error. Fixes bug 40183; - bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40188 b/changes/ticket40188 deleted file mode 100644 index e29b2a9438..0000000000 --- a/changes/ticket40188 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (documentation): - - Mention the !badexit directive that can appear in an authority's - approved-routers file, and update the description of the !invalid - directive. Closes ticket 40188. diff --git a/changes/ticket40194 b/changes/ticket40194 new file mode 100644 index 0000000000..9f3a4833cf --- /dev/null +++ b/changes/ticket40194 @@ -0,0 +1,9 @@ + o Minor feature (relay, metrics): + - Add counters to the MetricsPort how many connections, per type, are + currently opened and how many were created. Part of ticket 40194. + - Add total number of streams seen by an Exit to the MetricsPort. + - Add congestion control RTT reset counter to MetricsPort. + - Add DoS defenses counter to MetricsPort. + - Add relay flags from the consensus to the MetricsPort. + - Add total number of opened circuits to MetricsPort. + - Add traffic stats as in number of read/written bytes in total. diff --git a/changes/ticket40195 b/changes/ticket40195 deleted file mode 100644 index caa0bace94..0000000000 --- a/changes/ticket40195 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (configuration, ports): - - Fix an issue where an ORPort was validated against other type of ports - when it should have been only checked against other ORPorts. This lead to - "DirPort auto" to be ignored and failing to be used. Fixes bug 40195; - bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40201 b/changes/ticket40201 deleted file mode 100644 index cdf8d99172..0000000000 --- a/changes/ticket40201 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging, relay): - - Logs the address discovered by the directory authorities if none were - configured or detected before. Fixes bug 40201; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40205 b/changes/ticket40205 deleted file mode 100644 index e21c7fab7c..0000000000 --- a/changes/ticket40205 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (relay, logging, reachability): - - When launching bandwidth testing circuit, don't log notice that we are - doing a reachability test. Furthermore, avoid to trigger a - "CHECKING_REACHABILITY" control event. Fixes bug 40205; bugfix on - 0.4.5.1-alpha. diff --git a/changes/ticket40208 b/changes/ticket40208 deleted file mode 100644 index 5a3a1aa55e..0000000000 --- a/changes/ticket40208 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (relay): - - Allow relays to have a RFC1918 address if PublishServerDescriptor is set - to 0 and AssumeReachable is set to 1. This is to support the use case of a - bridge on a local network that can be used by restricted users on that - network to reach the Tor network. Fixes bug 40208; bugfix on - 0.4.5.1-alpha. diff --git a/changes/ticket40221_045 b/changes/ticket40221_045 deleted file mode 100644 index 0f3ab894c2..0000000000 --- a/changes/ticket40221_045 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (protocol versions): - - Stop claiming to support the "DirCache=1" subprotocol version. - Technically, we stopped supporting this subprotocol back in - 0.4.5.1-alpha, but we needed to wait for the authorities to stop - listing it as "required" before we can drop support. Closes ticket - 40221. diff --git a/changes/ticket40226 b/changes/ticket40226 deleted file mode 100644 index 4775438f63..0000000000 --- a/changes/ticket40226 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (relay, statistics): - - The connection statistics were wrongly exported in the extrainfo document - due to a problem in the file loading function which would wrongly truncate - the file reporting the wrong information. It is now fixed. Fixes bug - 40226; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40227 b/changes/ticket40227 deleted file mode 100644 index e5efad0f95..0000000000 --- a/changes/ticket40227 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor feature (build system): - - New "make lsp" command to auto generate the compile_commands.json file - used by the ccls server. The "bear" program is needed for this. Closes - ticket 40227. diff --git a/changes/ticket40231 b/changes/ticket40231 deleted file mode 100644 index a5ba598fd1..0000000000 --- a/changes/ticket40231 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay): - - If we were unable to build our descriptor, don't mark that we've - advertised our descriptor. Also remove an harmless BUG(). Fixes bug 40231; - bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40237 b/changes/ticket40237 deleted file mode 100644 index fc32f59cd4..0000000000 --- a/changes/ticket40237 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (onion service v3): - - Stop requiring a live consensus for v3 clients and services to work. The - use of a reasonably live consensus will allow v3 to work properly in most - cases if the network failed to generate a consensus for more than 2 hours - in a row. Fixes bug 40237; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40243 b/changes/ticket40243 deleted file mode 100644 index 548ec95ab4..0000000000 --- a/changes/ticket40243 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (authority, IPv6): - - Do not consider multiple relays in the same IPv6 network to be sybils. - Sybils are selected based on the /128 now, not the /64. Fixes bug 40243; - bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40245 b/changes/ticket40245 deleted file mode 100644 index 641372333e..0000000000 --- a/changes/ticket40245 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (logging): - - Give more visibility to directory authority operators during the - consensus voting process and while processing relay descriptors. - Closes ticket 40245. diff --git a/changes/ticket40254 b/changes/ticket40254 deleted file mode 100644 index 9945e3d3b8..0000000000 --- a/changes/ticket40254 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay, configuration): - - Don't attempt to discover address (IPv4 or IPv6) if no ORPort for it can - be found in the configuration. Fixes bug 40254; bugfix on 0.4.5.1-alpha. - diff --git a/changes/ticket40257 b/changes/ticket40257 deleted file mode 100644 index 4bcebc45a1..0000000000 --- a/changes/ticket40257 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (metrics port): - - Fix a bug warning when the socket was unexpectedly closed. Fixes bug - 40257; bugfix on 0.4.5.1-alpha diff --git a/changes/ticket40265 b/changes/ticket40265 deleted file mode 100644 index 2a346d64c3..0000000000 --- a/changes/ticket40265 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (fallback directory): - - Renegerate the list to a new set of 200 relays acting as fallback - directories. Closes ticket 40265. diff --git a/changes/ticket40279 b/changes/ticket40279 deleted file mode 100644 index 351db40789..0000000000 --- a/changes/ticket40279 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (IPv6, relay): - - Fix a bug that prevented a relay to publish its descriptor in the case of - an auto-discovered IPv6 that was found unreachable for which we always - publish if the IPv4 is correct. Fixes bug 40279; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40286_minimal b/changes/ticket40286_minimal deleted file mode 100644 index 6a04ca79eb..0000000000 --- a/changes/ticket40286_minimal +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security, denial of service): - - Disable the dump_desc() function that we used to dump unparseable - information to disk. It was called incorrectly in several places, - in a way that could lead to excessive CPU usage. Fixes bug 40286; - bugfix on 0.2.2.1-alpha. This bug is also tracked as - TROVE-2021-001 and CVE-2021-28089. diff --git a/changes/ticket40289 b/changes/ticket40289 deleted file mode 100644 index cdb36825b0..0000000000 --- a/changes/ticket40289 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (relay, config): - - Fix a problem in the removal of duplicate ORPort from the internal port - list when loading config file. We were removing wrong ports breaking valid - torrc uses cases for multiple ORPorts of the same address family. Fixes - bug 40289; bugfix on 0.4.5.1-alpha. - diff --git a/changes/ticket40295 b/changes/ticket40295 deleted file mode 100644 index e6dba80120..0000000000 --- a/changes/ticket40295 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (metrics port): - - Fix a BUG() on the MetricsPort for an internal missing handler. Fixes bug - 40295; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40300 b/changes/ticket40300 deleted file mode 100644 index b772ff60a4..0000000000 --- a/changes/ticket40300 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (relay): - - Remove a spammy log notice that should not have been indicating the - operator that its IPv4/v6 was missing but it was not. Fixes bug 40300; - bugfix on 0.4.5.1-alpha. - - Do not query the address cache early in the boot process when deciding - if we a relay needs to fetch early directory information from an - authority. This resulted in a relay falsely believing it didn't have an - address and thus triggering an authority fetch at each boot. diff --git a/changes/ticket40301 b/changes/ticket40301 deleted file mode 100644 index c1fd821e3f..0000000000 --- a/changes/ticket40301 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay): - - Reduce the compression level for data streaming from HIGH to LOW. Fixes - bug 40301; bugfix on 0.3.5.1-alpha. - diff --git a/changes/ticket40309 b/changes/ticket40309 deleted file mode 100644 index 087ac36a4f..0000000000 --- a/changes/ticket40309 +++ /dev/null @@ -1,3 +0,0 @@ - o New system requirements (mallinfo() deprecated): - - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. Closes - ticket 40309. diff --git a/changes/ticket40334 b/changes/ticket40334 deleted file mode 100644 index c1c34384a0..0000000000 --- a/changes/ticket40334 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion service): - - Remove a harmless BUG() warning when reloading tor configured with onion - services. Fixes bug 40334; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40337 b/changes/ticket40337 deleted file mode 100644 index 1c86fc4c99..0000000000 --- a/changes/ticket40337 +++ /dev/null @@ -1,16 +0,0 @@ - o Minor features (testing): - - On a testing network, relays can now use the - TestingMinTimeToReportBandwidth option to change - the smallest amount of time over which they're willing to report - their observed maximum bandwidth. Previously, this was fixed - at 1 day. For safety, values under 2 hours are only supported on - testing networks. Part of a fix for ticket 40337. - - o Minor features (testing): - - Relays on testing networks now report their observed bandwidths - immediately from startup. Previously, they waited - until they had been running for a full day. Closes ticket - 40337. - - Relays on testing networks no longer rate-limit how frequently - they are willing to report new bandwidth measurements. Part of a fix - for ticket 40337. diff --git a/changes/ticket40345 b/changes/ticket40345 deleted file mode 100644 index 246e4a86af..0000000000 --- a/changes/ticket40345 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (channel, DoS): - - Fix a possible non fatal assertion BUG() due to a too early free of a - string when noting down the client connection for the DoS defenses - subsystem. Fixes bug 40345; bugfix on 0.4.3.4-rc - diff --git a/changes/ticket40356 b/changes/ticket40356 deleted file mode 100644 index 59c32ce0cc..0000000000 --- a/changes/ticket40356 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (onion service, client, memory leak): - - An expired cached descriptor could have been overwritten with a new one - leading to a memory leak. Fixes bug 40356; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40360 b/changes/ticket40360 deleted file mode 100644 index 4a1b2c3446..0000000000 --- a/changes/ticket40360 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (bridge, pluggable transport): - - Fix a regression that prevented to configure a Bridge line without a - fingerprint (which is a normal use case). Fixes bug 40360; bugfix on - 0.4.5.4-rc. - diff --git a/changes/ticket40369 b/changes/ticket40369 deleted file mode 100644 index abb59a7125..0000000000 --- a/changes/ticket40369 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (build, cross-compilation): - - Allow a custom "ar" for cross-compilation. Our previous build script - had used the $AR environment variable in most places, but it missed - one. Fixes bug 40369; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40370 b/changes/ticket40370 deleted file mode 100644 index fcdb0eb173..0000000000 --- a/changes/ticket40370 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (metrics port): - - Fix a bug that made tor try to re-bind() every 60 seconds on an already - open MetricsPort. Fixes bug 40370; bugfix on 0.4.5.1-alpha. - diff --git a/changes/ticket40373 b/changes/ticket40373 deleted file mode 100644 index e2ea297bc2..0000000000 --- a/changes/ticket40373 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (onion services): - - Add warning message when connecting to soon-to-be-deprecated v2 onions. - Closes ticket 40373. diff --git a/changes/ticket40382 b/changes/ticket40382 deleted file mode 100644 index 5ac1b771b9..0000000000 --- a/changes/ticket40382 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (compatibility, Linux seccomp sandbox): - - Add a workaround to enable the Linux sandbox to work correctly - on systems running Glibc 2.33. These versions have started - using the fstatat() system call, which previously our sandbox did not - allow. - Closes ticket 40382; see the ticket for a discussion of tradeoffs. diff --git a/changes/ticket40389 b/changes/ticket40389 deleted file mode 100644 index 7dcf65b32e..0000000000 --- a/changes/ticket40389 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (relay, TROVE): - - Don't allow entry or middle relays to spoof RELAY_END or RELAY_RESOLVED - cell on half-closed streams. Fixes bug 40389; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40390 b/changes/ticket40390 deleted file mode 100644 index b56fa4d9da..0000000000 --- a/changes/ticket40390 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (security, defense-in-depth): - - Detect a wider variety of failure conditions from the OpenSSL RNG - code. Previously, we would detect errors from a missing RNG - implementation, but not failures from the RNG code itself. - Fortunately, it appears those failures do not happen in practice - when Tor is using OpenSSL's default RNG implementation. - Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as - TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. diff --git a/changes/ticket40410 b/changes/ticket40410 deleted file mode 100644 index 658e0683c7..0000000000 --- a/changes/ticket40410 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a compilation error when trying to build Tor with a compiler that - does not support expanding statitically initialized const values in - macro's. Fixes bug 40410; bugfix on 0.4.5.1-alpha diff --git a/changes/ticket40419 b/changes/ticket40419 deleted file mode 100644 index 0004329662..0000000000 --- a/changes/ticket40419 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (testing): - - Enable the deterministic RNG for unit tests that covers the address set - bloomfilter-based API's. Fixes bug 40419; bugfix on 0.3.3.2-alpha. diff --git a/changes/ticket40434 b/changes/ticket40434 deleted file mode 100644 index 988bb416be..0000000000 --- a/changes/ticket40434 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfix (onion service): - - Do not flag an HSDir as non-running in case the descriptor upload or - fetch fails. An onion service closes pending directory connections - before uploading a new descriptor which can thus lead to wrongly - flagging many relays and thus affecting circuit building path selection. - Fixes bug 40434; bugfix on 0.2.0.13-alpha. diff --git a/changes/ticket40447 b/changes/ticket40447 deleted file mode 100644 index d1be646a7d..0000000000 --- a/changes/ticket40447 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor feature (fallbackdir): - - Regenerate fallback directories list. Close ticket 40447. diff --git a/changes/ticket40474 b/changes/ticket40474 deleted file mode 100644 index d2a7231106..0000000000 --- a/changes/ticket40474 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (onion service, TROVE-2021-008): - - Only log once any v2 access attempts in order to not pollute the logs - with warnings and avoid recording the times on disk when v2 access was - attempted. Important to note that the onion address was _never_ logged. - That is a Low security issue. Fixes bug 40474; bugfix on 0.4.5.8. diff --git a/changes/ticket40476 b/changes/ticket40476 deleted file mode 100644 index 062e36f9bc..0000000000 --- a/changes/ticket40476 +++ /dev/null @@ -1,8 +0,0 @@ - o Major feature (onion service v2): - - Tor does NOT allow anymore to create v2 services, to connect as a client - to a v2 service and for a relay to be a v2 HSDir or introduction point. - This effectively disable onion service version 2 tor wide. Closes 40476. - - The control port command HSFETCH and HSPOST don't allow version 2 as well. - It is also not possible to create a v2 service with ADD_ONION. - - See https://blog.torproject.org/v2-deprecation-timeline for details on - how to transition from v2 to v3. diff --git a/changes/ticket40493 b/changes/ticket40493 deleted file mode 100644 index eb9baf916b..0000000000 --- a/changes/ticket40493 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories for October 2021. Close ticket 40493. diff --git a/changes/ticket40494 b/changes/ticket40494 deleted file mode 100644 index a0e6c38443..0000000000 --- a/changes/ticket40494 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (relay): - - Reject IPv6-only DirPorts. Our reachability self-test forces DirPorts to - be IPv4, but our configuration parser allowed them to be IPv6-only, - which led to an assertion failure. Fixes bug 40494; bugfix on - 0.4.5.1-alpha. diff --git a/changes/ticket40500 b/changes/ticket40500 deleted file mode 100644 index 2e5ff39761..0000000000 --- a/changes/ticket40500 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (CI, onion service): - - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500; - bugfix on 0.3.2.1-alpha. diff --git a/changes/ticket40509 b/changes/ticket40509 deleted file mode 100644 index ba4502ff3b..0000000000 --- a/changes/ticket40509 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (relay): - - Remove the HSDir and HSIntro onion service v2 protocol versions so relay - stop advertising that they support them. Fixes bug 40509; bugfix on - 0.3.5.17. diff --git a/changes/ticket40511 b/changes/ticket40511 deleted file mode 100644 index 756edd874d..0000000000 --- a/changes/ticket40511 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (compilation): - - Give an error message if trying to build with a version of LibreSSL - known not to work with Tor. (There's an incompatibility with - LibreSSL versions 3.2.1 through 3.4.0 inclusive because of their - incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) - Closes ticket 40511. diff --git a/changes/ticket40544 b/changes/ticket40544 deleted file mode 100644 index b0754f0fd4..0000000000 --- a/changes/ticket40544 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (logging): - - Update a log notice dead URL to a working one. Fixes bug 40544; bugfix on - 0.3.5.1-alpha. diff --git a/changes/ticket40552 b/changes/ticket40552 deleted file mode 100644 index 7811f3a743..0000000000 --- a/changes/ticket40552 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (MetricsPort, Prometheus): - - Add double quotes to the label values of the onion service metrics. Fixes - bug 40552; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40579 b/changes/ticket40579 deleted file mode 100644 index e2558c1102..0000000000 --- a/changes/ticket40579 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion service, client): - - Fix a fatal assert due to a guard subsystem recursion triggered by the - onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40581 b/changes/ticket40581 deleted file mode 100644 index 315215d8ed..0000000000 --- a/changes/ticket40581 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (metrics port, onion service): - - Fix the metrics with a port label to be unique. Before this, all ports of - an onion service would be on the same line which violates the Prometheus - rules of unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40601 b/changes/ticket40601 deleted file mode 100644 index 529e3badfe..0000000000 --- a/changes/ticket40601 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox): - - Allow the rseq system call in the sandbox. This solves a crash issue with - glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug 40601; bugfix on - 0.3.5.11. diff --git a/changes/ticket40648 b/changes/ticket40648 new file mode 100644 index 0000000000..a891e30204 --- /dev/null +++ b/changes/ticket40648 @@ -0,0 +1,3 @@ + o Code simplification and refactoring (bridges): + - Remove unused code related to ExtPort connection ID. Fixes bug 40648; + bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40652 b/changes/ticket40652 new file mode 100644 index 0000000000..ff9f4d0591 --- /dev/null +++ b/changes/ticket40652 @@ -0,0 +1,10 @@ + o Minor features (dirauth): + - Add an AuthDirVoteGuard torrc option that can allow authorities to + assign the Guard flag to the given fingerprints/country code/IPs. This + is a needed feature mostly for defense purposes in case a DoS hits the + network and relay start losing the Guard flags too fast. + - Make UPTIME_TO_GUARANTEE_STABLE, MTBF_TO_GUARANTEE_STABLE, + TIME_KNOWN_TO_GUARANTEE_FAMILIAR WFU_TO_GUARANTEE_GUARD tunable from + torrc. + - Add a torrc option to control the Guard flag bandwidth threshold + percentile. Closes ticket 40652. diff --git a/changes/ticket40663 b/changes/ticket40663 new file mode 100644 index 0000000000..3992d8e2b5 --- /dev/null +++ b/changes/ticket40663 @@ -0,0 +1,3 @@ + o Minor bugfixes (authorities, sandbox): + - Allow to write file my-consensus-<flavor-name> to disk when sandbox is + activated. Fixes bug 40663; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40664 b/changes/ticket40664 new file mode 100644 index 0000000000..729b6ff02a --- /dev/null +++ b/changes/ticket40664 @@ -0,0 +1,3 @@ + o Minor feature (authority): + - Reject 0.4.6.x series at the authority level. Closes ticket 40664. + diff --git a/changes/ticket40680 b/changes/ticket40680 new file mode 100644 index 0000000000..1383844969 --- /dev/null +++ b/changes/ticket40680 @@ -0,0 +1,6 @@ + o Minor feature (relay, DoS): + - Apply circuit creation anti-DoS defenses if the outbound circuit max cell + queue size is reached too many times. This introduces two new consensus + parameters to control the queue size limit and number of times allowed to + go over that limit. Close ticket 40680. + diff --git a/changes/ticket40683 b/changes/ticket40683 new file mode 100644 index 0000000000..6df078ebae --- /dev/null +++ b/changes/ticket40683 @@ -0,0 +1,6 @@ + o Minor feature (Mac and iOS build): + - Change how combine_libs works on Darwin like platforms to + make sure we don't include any `__.SYMDEF` and `__.SYMDEF SORTED` + symbols on the archive before we repack and run ${RANLIB} on the + archive. This fixes a build issue with recent Xcode versions on + Mac Silicon and iOS. Closes ticket 40683. diff --git a/changes/ticket40692 b/changes/ticket40692 new file mode 100644 index 0000000000..8405486115 --- /dev/null +++ b/changes/ticket40692 @@ -0,0 +1,3 @@ + o Minor bugfixes (onion service client): + - A collapsing onion service circuit should be seen as an "unreachable" + error so it can be retried. Fixes bug 40692; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40694 b/changes/ticket40694 new file mode 100644 index 0000000000..f17639cc27 --- /dev/null +++ b/changes/ticket40694 @@ -0,0 +1,5 @@ + o Major bugfixes (onion service): + - Set a much higher circuit build timeout for opened client rendezvous + circuit. Before this, tor would time them out very quickly leading to many + unnecessary retries and thus more load on the network. Fixes bug 40694; + bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40696 b/changes/ticket40696 new file mode 100644 index 0000000000..a2c09f6a83 --- /dev/null +++ b/changes/ticket40696 @@ -0,0 +1,3 @@ + o Minor bugfixes (onion service): + - Make the service retry a rendezvous if the circuit is being repurposed for + measurements. Fixes bug 40696; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40703 b/changes/ticket40703 new file mode 100644 index 0000000000..f005f8f851 --- /dev/null +++ b/changes/ticket40703 @@ -0,0 +1,4 @@ + o Minor feature (performance): + - Bump the maximum amount of CPU to use from 16 to 128. Note that NumCPUs + torrc option overrides this hardcoded maximum. Fixes bug 40703; bugfix on + 0.3.5.1-alpha. diff --git a/changes/ticket40704 b/changes/ticket40704 new file mode 100644 index 0000000000..b1a83488da --- /dev/null +++ b/changes/ticket40704 @@ -0,0 +1,6 @@ + o Minor feature (relay): + - Two new consensus parameters are added to control the wait time in queue + of the onionskins. One of them is the torrc MaxOnionQueueDelay options + which supersedes the consensus parameter. Closes ticket 40704. + - Change a hardcoded value for the maximum of per CPU tasks into a + consensus parameter. diff --git a/changes/ticket40708 b/changes/ticket40708 new file mode 100644 index 0000000000..1c4a044a0b --- /dev/null +++ b/changes/ticket40708 @@ -0,0 +1,3 @@ + o Minor feature (metrics): + - Add various congestion control counters to the MetricsPort. Closes ticket + 40708. diff --git a/changes/ticket40719 b/changes/ticket40719 new file mode 100644 index 0000000000..eec84dce0f --- /dev/null +++ b/changes/ticket40719 @@ -0,0 +1,3 @@ + o Minor bugfixes (cpuworker, relay): + - Fix an off by one overload calculation on the number of CPUs being used by + our thread pool. Fixes bug 40719; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40724 b/changes/ticket40724 new file mode 100644 index 0000000000..aeb6f9ae8b --- /dev/null +++ b/changes/ticket40724 @@ -0,0 +1,3 @@ + o Minor feature (Congestion control metrics): + - Add additional metricsport relay metrics for congestion control. + Closes ticket 40724. diff --git a/changes/ticket40727 b/changes/ticket40727 new file mode 100644 index 0000000000..ce462481f4 --- /dev/null +++ b/changes/ticket40727 @@ -0,0 +1,3 @@ + o Minor bugfixes (relay, metrics): + - Fix typo in a congestion control label on the MetricsPort. Fixes bug + 40727; bugfix on 0.4.7.12. diff --git a/changes/ticket40729 b/changes/ticket40729 new file mode 100644 index 0000000000..1c2d43d14f --- /dev/null +++ b/changes/ticket40729 @@ -0,0 +1,3 @@ + o Minor bugfixes (sandbox, authority): + - With the sandbox enabled, allow to write "my-consensus-{ns|microdesc}" and + to rename them as well. Fixes bug 40729; bugfix on 0.3.5.1-alpha. |