diff options
Diffstat (limited to 'changes')
71 files changed, 255 insertions, 125 deletions
diff --git a/changes/19037 b/changes/19037 new file mode 100644 index 0000000000..35f323f1b0 --- /dev/null +++ b/changes/19037 @@ -0,0 +1,7 @@ + o Minor features (development support): + - Developers can now generate a call-graph for Tor using the + "calltool" python program, which post-processes object dumps. It + should work okay on many Linux and OSX platforms, and might work + elsewhere too. To run this, install calltool from + https://gitweb.torproject.org/user/nickm/calltool.git and run + "make callgraph". Closes ticket 19307. diff --git a/changes/21148 b/changes/21148 new file mode 100644 index 0000000000..4e3c332279 --- /dev/null +++ b/changes/21148 @@ -0,0 +1,4 @@ + o Documentation: + - Restore documentation for the authorities' "approved-routers" file. + Closes ticket 21148. + diff --git a/changes/bug15645 b/changes/bug15645 new file mode 100644 index 0000000000..781d20e092 --- /dev/null +++ b/changes/bug15645 @@ -0,0 +1,3 @@ + o Documentation: + - Document all values of PublishServerDescriptor in the manpage. + Closes ticket 15645. diff --git a/changes/bug16082 b/changes/bug16082 deleted file mode 100644 index 0f2f04fb35..0000000000 --- a/changes/bug16082 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Correctly note that bandwidth accounting values are stored in the - state file, and the bw_accounting file is now obsolete. Closes - ticket 16082. diff --git a/changes/bug17639 b/changes/bug17639 new file mode 100644 index 0000000000..4073514fd4 --- /dev/null +++ b/changes/bug17639 @@ -0,0 +1,4 @@ + o Minor features: + - Add a new commandline option, --key-expiration, which prints when + the current signing key is going to expire. Implements ticket + 17639; patch by Isis Lovecruft. diff --git a/changes/bug17750 b/changes/bug17750 new file mode 100644 index 0000000000..eb77b77ab0 --- /dev/null +++ b/changes/bug17750 @@ -0,0 +1,4 @@ + o Minor bugfixes (directory downloads): + - Make clients wait for 6 seconds before trying to download their + consensus from an authority. + Fixes bug 17750, bugfix on 0.2.8.1-alpha. diff --git a/changes/bug18982 b/changes/bug18982 new file mode 100644 index 0000000000..bb0383d136 --- /dev/null +++ b/changes/bug18982 @@ -0,0 +1,6 @@ + o Minor bugfixes (circuit logging): + - torspec says hop counts are 1-based, so fix two log messages + that mistakenly logged 0-based hop counts. + Closes ticket 18982, bugfix on 0275b6876 in tor 0.2.6.2-alpha + and 907db008a in tor 0.2.4.5-alpha. Patch by teor. + Credit to Xiaofan Li for reporting this issue. diff --git a/changes/bug19281 b/changes/bug19281 new file mode 100644 index 0000000000..1586ba34f3 --- /dev/null +++ b/changes/bug19281 @@ -0,0 +1,5 @@ + o Minor bugfixes (correctness, controller): + - Make the controller's write_escaped_data() function robust to extremely + long inputs. Right now, it doesn't actually receive any extremely + long inputs, so this is for defense in depth. Fixes bug 19281; + bugfix on 0.1.1.1-alpha. Reported by Guido Vranken. diff --git a/changes/bug19476 b/changes/bug19476 new file mode 100644 index 0000000000..25a0578686 --- /dev/null +++ b/changes/bug19476 @@ -0,0 +1,3 @@ + o Minor changes: + - If we fail to write a heartbeat message, schedule a retry for the minimum + heartbeat interval number of seconds in the future. Fixes bug 19476. diff --git a/changes/bug19648 b/changes/bug19648 new file mode 100644 index 0000000000..e8c2a6a094 --- /dev/null +++ b/changes/bug19648 @@ -0,0 +1,5 @@ + o Minor bugfixes (logging): + - When logging the number of descriptors we intend to download per + directory request, do not log a number higher than then the + number of descriptors we're fetching in total. Fixes bug 19648; + bugfix on 0.1.1.8-alpha. diff --git a/changes/bug19871 b/changes/bug19871 new file mode 100644 index 0000000000..5f1c9dc802 --- /dev/null +++ b/changes/bug19871 @@ -0,0 +1,4 @@ + o Code refactoring: + - Remove dead code for largely unused statistics on the number of + times we've attempted various public key operations. Fixes bug + 19871; fix by Isis Lovecruft. Bugfix on 0.1.2.4-alpha. diff --git a/changes/bug22212 b/changes/bug22212 deleted file mode 100644 index f92d6701d3..0000000000 --- a/changes/bug22212 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (netflow padding logging): - - Demote a warn that was caused by libevent delays to info if - the padding is less than 4.5 seconds late, or notice if it is more - (4.5 seconds is the amount of time that a netflow record might - be emitted after, if we chose the maximum timeout). Fixes bug #22212. diff --git a/changes/bug22347 b/changes/bug22347 deleted file mode 100644 index f294ba0a2d..0000000000 --- a/changes/bug22347 +++ /dev/null @@ -1,2 +0,0 @@ - o Documentation: - - Add a manpage description for the key-pinning-journal file. diff --git a/changes/bug22356 b/changes/bug22356 deleted file mode 100644 index 0082b542be..0000000000 --- a/changes/bug22356 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging, relay): - - Downgrade "assigned_to_cpuworker failed" message to INFO-level - severity. In every case that can reach it, either a better warning - has already been logged, or no warning is warranted. Fixes bug 22356; - bugfix on 0.2.6.3-alpha. diff --git a/changes/bug22400_01 b/changes/bug22400_01 deleted file mode 100644 index 454c5f746f..0000000000 --- a/changes/bug22400_01 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (entry guards): - - When starting with an old consensus, do not add new entry guards - unless the consensus is "reasonably live" (under 1 day old). Fixes - one root cause of bug 22400; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug22497 b/changes/bug22497 new file mode 100644 index 0000000000..8cde87ff79 --- /dev/null +++ b/changes/bug22497 @@ -0,0 +1,4 @@ + o Code simplification and refactoring: + - Use our test macros more consistently, to produce more useful + error messages when our unit tests fail. Add coccinelle patches + to allow us to re-check for test macro uses. Closes ticket 22497. diff --git a/changes/bug22502_part1 b/changes/bug22502_part1 deleted file mode 100644 index bd95b7c7c4..0000000000 --- a/changes/bug22502_part1 +++ /dev/null @@ -1,12 +0,0 @@ - o Major bugfixes (compression, zstd): - - Correctly detect a full buffer when decompessing a large - zstd-compressed input. Fixes bug 22628; bugfix on 0.3.1.1-alpha. - - o Minor bugfixes (compression): - - When compressing or decompressing a buffer, check for a failure to - create a compression object. Fixes bug 22626; bugfix on - 0.3.1.1-alpha. - - - When decompressing a buffer, check for extra data after the end of - the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha. - diff --git a/changes/bug22516 b/changes/bug22516 deleted file mode 100644 index f024a3c470..0000000000 --- a/changes/bug22516 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox): - - Permit the fchmod system call, to avoid crashing on startup when - starting with the seccomp2 sandbox and an unexpected set of permissions - on the data directory or its contents. Fixes bug 22516; bugfix on - 0.2.5.4-alpha. diff --git a/changes/bug22669 b/changes/bug22669 deleted file mode 100644 index 804a39e781..0000000000 --- a/changes/bug22669 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compression): - - When serving directory votes compressed with zlib, - do not claim to have compressed them with zstd. Fixes bug 22669; - bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22670 b/changes/bug22670 deleted file mode 100644 index 47403277d2..0000000000 --- a/changes/bug22670 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging, compression): - - When decompressing, do not warn if we fail to decompress using a - compression method that we merely guessed. Fixes part of - bug 22670; bugfix on 0.1.1.14-alpha. diff --git a/changes/bug22670_02 b/changes/bug22670_02 deleted file mode 100644 index 3e7a428faf..0000000000 --- a/changes/bug22670_02 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging, compression): - - When decompressing, treat mismatch between content-encoding and - actual compression type as a protocol warning. Fixes part of bug - 22670; bugfix on 0.1.1.9-alpha. diff --git a/changes/bug22670_03 b/changes/bug22670_03 deleted file mode 100644 index 8a7aa49bcd..0000000000 --- a/changes/bug22670_03 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (compression): - - When decompressing an object received over an anonymous directory - connection, if we have already successfully decompressed it using an - acceptable compression method, do not reject it for looking like an - unacceptable compression method. Fixes part of bug 22670; bugfix on - 0.3.1.1-alpha. diff --git a/changes/bug22672 b/changes/bug22672 deleted file mode 100644 index ec6681149d..0000000000 --- a/changes/bug22672 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (compression, defensive programming): - - Detect and break out of infinite loops in our compression code. - We don't think that any such loops exist now, but it's best to be - safe. Closes ticket 22672. - diff --git a/changes/bug22677 b/changes/bug22677 new file mode 100644 index 0000000000..6d750172a9 --- /dev/null +++ b/changes/bug22677 @@ -0,0 +1,3 @@ + o Documentation: + - Clarify in the manual that "Sandbox 1" is only supported on Linux + kernels. Closes ticket 22677. diff --git a/changes/bug22702 b/changes/bug22702 deleted file mode 100644 index a2044c70bf..0000000000 --- a/changes/bug22702 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (directory protocol): - - Ensure that we sent "304 Not modified" as HTTP status code when a - client is attempting to fetch a consensus or consensus diff that - matches the latest consensus we have available. Fixes bug 22702; - bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22719 b/changes/bug22719 deleted file mode 100644 index bfcda0a4e1..0000000000 --- a/changes/bug22719 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (compression): - - When spooling compressed data to an output buffer, don't try to - spool more data when there is no more data to spool and we are - not trying to flush the input. Previously, we would sometimes - launch compression requests with nothing to do, which interferes - with our 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha. - diff --git a/changes/bug22720 b/changes/bug22720 deleted file mode 100644 index 4893b577f0..0000000000 --- a/changes/bug22720 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (process behavior): - - When exiting because of an error, always exit with a nonzero - exit status. Previously, we would fail to report an error in - our exit status in cases related to lockfile contention, - __OwningControllerProcess failure, and Ed25519 key - initialization. Fixes bug 22720; bugfix on versions - 0.2.1.6-alpha, 0.2.2.28-beta, and 0.2.7.2-alpha - respectively. Reported by "f55jwk4f"; patch from "huyvq". - diff --git a/changes/bug22731 b/changes/bug22731 new file mode 100644 index 0000000000..acb65d56e5 --- /dev/null +++ b/changes/bug22731 @@ -0,0 +1,5 @@ + o Minor features (relay, configuration): + - Reject attempts to use relative file paths when RunAsDaemon is set. + Previously, Tor would accept these, but the directory-changing step + of RunAsDaemon would give strange and/or confusing results. + Closes ticket 22731. diff --git a/changes/bug22737 b/changes/bug22737 deleted file mode 100644 index f0de8e6c41..0000000000 --- a/changes/bug22737 +++ /dev/null @@ -1,12 +0,0 @@ - o Minor bugfixes (defensive programming, undefined behavior): - - - Fix a memset() off the end of an array when packing cells. This - bug should be harmless in practice, since the corrupted bytes - are still in the same structure, and are always padding bytes, - ignored, or immediately overwritten, depending on compiler - behavior. Nevertheless, because the memset()'s purpose is to - make sure that any other cell-handling bugs can't expose bytes - to the network, we need to fix it. Fixes bug 22737; bugfix on - 0.2.4.11-alpha. Fixes CID 1401591. - - diff --git a/changes/bug22751 b/changes/bug22751 deleted file mode 100644 index 714525c8af..0000000000 --- a/changes/bug22751 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (compression): - - Fix crash in LZMA module, when the Sandbox is enabled, where - liblzma would allocate more than 16 MB of memory. We solve this - by bumping the mprotect() limit in the Sandbox module from 16 MB - to 20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug22753 b/changes/bug22753 deleted file mode 100644 index 32a6dfa56c..0000000000 --- a/changes/bug22753 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (path selection, security): - - When choosing which guard to use for a circuit, avoid the - exit's family along with the exit itself. Previously, the new - guard selection logic avoided the exit, but did not consider - its family. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked - as TROVE-2016-006 and CVE-2017-0377. - diff --git a/changes/bug22779 b/changes/bug22779 new file mode 100644 index 0000000000..dc5bc3859c --- /dev/null +++ b/changes/bug22779 @@ -0,0 +1,4 @@ + o Minor features (client, entry guards): + - Add an extra check to make sure that we always use the + new guard selection code for picking our guards. Closes + ticket 22779. diff --git a/changes/bug22802 b/changes/bug22802 new file mode 100644 index 0000000000..7255164fd4 --- /dev/null +++ b/changes/bug22802 @@ -0,0 +1,10 @@ + o Minor bugfixes (format strictness): + - Restrict several data formats to decimal. Previously, the + BuildTimeHistogram entries in the state file, the "bw=" entries in the + bandwidth authority file, and process IDs passed to the + __OwningControllerProcess option could all be specified in hex or octal + as well as in decimal. This was not an intentional feature. + Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha, and + 0.2.2.28-beta. + + diff --git a/changes/bug22885 b/changes/bug22885 new file mode 100644 index 0000000000..d95e879eb8 --- /dev/null +++ b/changes/bug22885 @@ -0,0 +1,5 @@ + o Minor bugfixes (relay): + - When uploading our descriptor for the first time after startup, + report the reason for uploading as "Tor just started" rather than + leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha. + diff --git a/changes/bug22924 b/changes/bug22924 new file mode 100644 index 0000000000..e59fc724eb --- /dev/null +++ b/changes/bug22924 @@ -0,0 +1,4 @@ + o Minor bugfies (tests): + - Fix a signed-integer overflow in the unit tests for + dir/download_status_random_backoff, which was untriggered until we + fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug23026 b/changes/bug23026 new file mode 100644 index 0000000000..b00745cfa3 --- /dev/null +++ b/changes/bug23026 @@ -0,0 +1,4 @@ + o Code simplification and refactoring: + - Rename the obsolete malleable hybrid_encrypt functions used in + TAP and old hidden services to indicate that they aren't suitable + for new protocols or formats. Closes ticket 23026. diff --git a/changes/bug23054 b/changes/bug23054 new file mode 100644 index 0000000000..39006cd807 --- /dev/null +++ b/changes/bug23054 @@ -0,0 +1,4 @@ + o Minor features (static analysis): + - The BUG() macro has been changed slightly so that Coverity no + longer complains about dead code if the bug is impossible. Closes + ticket 23054. diff --git a/changes/bug23055 b/changes/bug23055 new file mode 100644 index 0000000000..eee1397c13 --- /dev/null +++ b/changes/bug23055 @@ -0,0 +1,4 @@ + o Minor bugfixes (certificate handling): + - Fix a time handling bug in Tor certificates set to expire after + the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. + Found by Coverity as CID 1415728. diff --git a/changes/bug23091 b/changes/bug23091 new file mode 100644 index 0000000000..7dfb7e4180 --- /dev/null +++ b/changes/bug23091 @@ -0,0 +1,6 @@ + o Minor bugfixes (consensus expiry): + - Tor would reconsider updating its directory information every 2 minutes + instead of only doing it for a consensus that is more than 24 hours old + (badly expired). This specific check is done in the tor main loop + callback that validates if we have an expired consensus. Fixes bug + 23091; bugfix on tor-0.2.0.19-alpha. diff --git a/changes/bug23098 b/changes/bug23098 new file mode 100644 index 0000000000..2075f13ba7 --- /dev/null +++ b/changes/bug23098 @@ -0,0 +1,4 @@ + o Minor bugfixes (portability): + - Stop using the PATH_MAX variable. The variable is not defined in + GNU Hurd which prevents Tor from being built. Fixes bug 23098; + bugfix on 0.3.1.1-alpha. diff --git a/changes/bug23106 b/changes/bug23106 new file mode 100644 index 0000000000..d4ced15f82 --- /dev/null +++ b/changes/bug23106 @@ -0,0 +1,5 @@ + o Minor bugfixes (code correctness): + - Call htons() in extend_cell_format() for encoding a 16-bit + value. Previously we used ntohs(), which happens to behave the + same on all the platforms we support, but which isn't really + correct. Fixes bug 23106; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug23220 b/changes/bug23220 new file mode 100644 index 0000000000..9c2efc959a --- /dev/null +++ b/changes/bug23220 @@ -0,0 +1,7 @@ + o Minor features (client directory bandwidth tuning): + + - When downloading (micro)descriptors, don't split the list of + descriptors into multiple requests unless there are at least 32 + descriptors that we want. Previously, we split at 4, not 32, which + could lead to significant overhead in HTTP request size and + degradation in compression performance. Closes ticket 23220. diff --git a/changes/bug23347 b/changes/bug23347 new file mode 100644 index 0000000000..e73aa48f01 --- /dev/null +++ b/changes/bug23347 @@ -0,0 +1,9 @@ + o Minor fixes (bridge client bootstrap): + - Make bridge clients with no running bridges try to download + bridge descriptors immediately. But when bridge clients have + running bridges, make them wait at least 3 hours before + refreshing recently received bridge descriptors. + Download schedules used to start with an implicit 0, but the + fix for 17750 changed this undocumented behaviour, and made + bridge clients hang for 15 minutes before bootstrapping. + Fixes bug 23347, not in any released version of Tor. diff --git a/changes/bug23366 b/changes/bug23366 new file mode 100644 index 0000000000..85e370f61d --- /dev/null +++ b/changes/bug23366 @@ -0,0 +1,4 @@ + o Minor bugfixes (test): + - Fix a broken OutboundAddress option unit test because the parsing + function was never returning an error on failure. Fixes bug #23366.; + bugfix on tor-0.3.0.3-alpha. diff --git a/changes/bug23470 b/changes/bug23470 new file mode 100644 index 0000000000..33367b3a30 --- /dev/null +++ b/changes/bug23470 @@ -0,0 +1,6 @@ + o Minor bugfix (relay address resolution): + - Avoid unnecessary calls to directory_fetches_from_authorities() + on relays. This avoids spurious address resolutions and + descriptor rebuilds. This is a mitigation for 21789. The original + bug was introduced in commit 35bbf2e as part of prop210. + Fixes 23470 in 0.2.8.1-alpha. diff --git a/changes/bug23499 b/changes/bug23499 new file mode 100644 index 0000000000..e53b03c34e --- /dev/null +++ b/changes/bug23499 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Directory servers now include a "Date:" http header for response + codes other than 200. Clients starting with a skewed clock and a + recent consensus were getting "304 Not modified" responses from + directory authorities, so without a Date header the client would + never hear about a wrong clock. Fixes bug 23499; bugfix on 0.0.8rc1. diff --git a/changes/bug23506 b/changes/bug23506 new file mode 100644 index 0000000000..f2efad4e7e --- /dev/null +++ b/changes/bug23506 @@ -0,0 +1,4 @@ + o Major bugfixes (usability, control port): + - Report trusted clock skew indications as bootstrap errors, so + controllers can more easily alert users. Fixes bug 23506; + bugfix on 0.1.2.6-alpha. diff --git a/changes/bug23524 b/changes/bug23524 new file mode 100644 index 0000000000..c8ece52930 --- /dev/null +++ b/changes/bug23524 @@ -0,0 +1,4 @@ + o Minor bugfixes (DoS-resistance): + - If future code asks if there are any running bridges, without checking + if bridges are enabled, log a BUG warning rather than crashing. + Fixes 23524 on 0.3.0.1-alpha. diff --git a/changes/bug23525 b/changes/bug23525 new file mode 100644 index 0000000000..3a9c766c3a --- /dev/null +++ b/changes/bug23525 @@ -0,0 +1,6 @@ + o Minor bugfixes (control port): + - Make download status next attempts reported over the control port + consistent with the time used by tor. This issue only occurs if a + download status has not been reset before it is queried over the + control port. + Fixes 23525, not in any released version of tor. diff --git a/changes/bug23532 b/changes/bug23532 new file mode 100644 index 0000000000..3eb2345cea --- /dev/null +++ b/changes/bug23532 @@ -0,0 +1,5 @@ + o Minor bugfixes (usability, control port): + - Stop making an unnecessary routerlist check in NETINFO clock + skew detection; this was preventing clients from reporting + NETINFO clock skew to controllers. Fixes bug 23532; bugfix on + 0.2.4.4-alpha. diff --git a/changes/diagnose_22752 b/changes/diagnose_22752 deleted file mode 100644 index b5bda05ec0..0000000000 --- a/changes/diagnose_22752 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (bug mitigation, diagnostics, logging): - - Avoid an assertion failure, and log a better error message, - when unable to remove a file from the consensus cache on - Windows. Attempts to mitigate and diagnose bug 22752. diff --git a/changes/doc20152 b/changes/doc20152 new file mode 100644 index 0000000000..8b044e56df --- /dev/null +++ b/changes/doc20152 @@ -0,0 +1,3 @@ + o Documentation: + - Improve the documentation for the directory port part of the + DirAuthority line. Closes ticket 20152. diff --git a/changes/feature20119_1 b/changes/feature20119_1 new file mode 100644 index 0000000000..69914f210b --- /dev/null +++ b/changes/feature20119_1 @@ -0,0 +1,3 @@ + o Minor features (startup, safety): + - When configured to write a PID file, Tor now exits if it is unable to + do so. Previously, it would warn and continue. Closes ticket 20119. diff --git a/changes/feature22407 b/changes/feature22407 new file mode 100644 index 0000000000..aec6c15f46 --- /dev/null +++ b/changes/feature22407 @@ -0,0 +1,5 @@ + o Minor features (client): + - You can now use Tor as a tunneled HTTP proxy: use the HTTPTunnelPort + option to open a port that accepts HTTP CONNECT requests. + Closes ticket 22407. + diff --git a/changes/feature22976 b/changes/feature22976 new file mode 100644 index 0000000000..407fd15b0a --- /dev/null +++ b/changes/feature22976 @@ -0,0 +1,8 @@ + o Minor features (integration, hardening): + - Added a new NoExec option, to prevent Tor from running + other programs. When this option is set to 1, + Tor will never try to run another program, regardless of + the settings of PortForwardingHelper, ClientTransportPlugin, + or ServerTransportPlugin. Once NoExec is set, it cannot be + disabled without restarting Tor. + Closes ticket 22976. diff --git a/changes/feature23090 b/changes/feature23090 new file mode 100644 index 0000000000..44cdac5ca1 --- /dev/null +++ b/changes/feature23090 @@ -0,0 +1,3 @@ + o Minor features (linux seccomp2 sandbox): + - If the sandbox filter fails to load, suggest to the user that their + kernel might not support seccomp2. Closes ticket 23090. diff --git a/changes/feature23237 b/changes/feature23237 new file mode 100644 index 0000000000..261577261c --- /dev/null +++ b/changes/feature23237 @@ -0,0 +1,4 @@ + o Minor features (controller): + - Added new GETINFO targets ip-to-country/{ipv4,ipv6}-available, so + controllers can tell whether the geoip databases are loaded. + Closes ticket 23237. diff --git a/changes/geoip-june2017 b/changes/geoip-june2017 deleted file mode 100644 index 2ea7bf105e..0000000000 --- a/changes/geoip-june2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/more-files b/changes/more-files deleted file mode 100644 index 861d6a3143..0000000000 --- a/changes/more-files +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Document more of the files in the Tor data directory, including - cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats, - approved-routers, sr-random, and diff-cache. diff --git a/changes/new_requirement_pkgconfig b/changes/new_requirement_pkgconfig deleted file mode 100644 index 503ff58c9e..0000000000 --- a/changes/new_requirement_pkgconfig +++ /dev/null @@ -1,5 +0,0 @@ - o New dependencies: - - To build with zstd and lzma support, Tor now requires the - pkg-config tool at build time. (This requirement was new in - 0.3.1.1-alpha, but was not noted at the time. Noting it here to - close ticket 22623.) diff --git a/changes/prop224 b/changes/prop224 new file mode 100644 index 0000000000..9401ff7835 --- /dev/null +++ b/changes/prop224 @@ -0,0 +1,36 @@ + o Major features (next-generation onion services): + - Tor now supports the next-generation onion services protocol for clients + and services! As part of this release, the core of proposal 224 has been + implemented and is available for experimentation and testing by our + users. This newer version of onion services (v3) features various + improvements over the legacy system: + a) Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519) + b) Improved directory protocol leaking less to directory servers. + c) Improved directory protocol with smaller surface for targeted attacks. + d) Better onion address security against impersonation. + e) More extensible introduction/rendezvous protocol. + f) A cleaner and more modular codebase. + + Furthermore, as part of this update, onion addresses increase in length + and are now 56 characters long: + 4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion + + In the future, we will be releasing more options and features but we + first need a testing period, so that the current codebase matures and + becomes more robust. Here are some of the features we have planned: + 1) Offline keys for onion services + 2) Advanced client authorization for onion services + 3) Improved guard algorithm for onion services + 4) Next-gen onion service statistics + + Please see our proposal for more details: + https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt + + The default version for onion services remains v2 (the legacy system) + until this new codebase gets tested and hardened. + + Service operators who want to experiment with the new system can use the + 'HiddenServiceVersion 3' torrc directive along with the regular onion + service configuration options. + + We will publish a blog post about this new feature soon! Enjoy! diff --git a/changes/refactor-buffer b/changes/refactor-buffer new file mode 100644 index 0000000000..36b0296728 --- /dev/null +++ b/changes/refactor-buffer @@ -0,0 +1,3 @@ + o Code simplifications and refactoring: + - Split the portions of the buffer.c module that handle particular + protocols into separate modules. Part of ticket 23149. diff --git a/changes/ticket20488 b/changes/ticket20488 new file mode 100644 index 0000000000..ad1b874372 --- /dev/null +++ b/changes/ticket20488 @@ -0,0 +1,5 @@ + o Minor features (logging, UI): + - Improve the warning message for specifying a relay by nickname. + The previous message implied that nickname registration was still + part of the Tor network design, which it isn't. Closes ticket 20488. + diff --git a/changes/ticket21031 b/changes/ticket21031 new file mode 100644 index 0000000000..79ad5267b5 --- /dev/null +++ b/changes/ticket21031 @@ -0,0 +1,5 @@ + o Removed features: + - The ClientDNSRejectInternalAddresses flag can no longer be set on + non-testing networks. It has been deprecated since 0.2.9.2-alpha. + Closes ticket 21031. + diff --git a/changes/ticket22215 b/changes/ticket22215 new file mode 100644 index 0000000000..4abeaf2c53 --- /dev/null +++ b/changes/ticket22215 @@ -0,0 +1,5 @@ + o Code simplification and refactoring: + - Remove some of the code that once supported "Named" and "Unnamed" + routers. Authorities no longer vote for these flags. Closes ticket + 23478. + diff --git a/changes/ticket22281 b/changes/ticket22281 new file mode 100644 index 0000000000..95787580ff --- /dev/null +++ b/changes/ticket22281 @@ -0,0 +1,3 @@ + o Minor features (bug detection): + - Log a warning message, with stack trace, for any attempt to call + get_options() during option validation. Closes ticket 22281. diff --git a/changes/ticket22377 b/changes/ticket22377 new file mode 100644 index 0000000000..4f15c16204 --- /dev/null +++ b/changes/ticket22377 @@ -0,0 +1,4 @@ + o Removed features: + - The controller API no longer includes an AUTHDIR_NEWDESCS event: + nobody was using it any longer. Closes ticket 22377. + diff --git a/changes/ticket22437 b/changes/ticket22437 new file mode 100644 index 0000000000..8e4c9630c8 --- /dev/null +++ b/changes/ticket22437 @@ -0,0 +1,4 @@ + o Testing: + - The default chutney network tests now include tests for the + v3 hidden service design. Make sure you have the latest + version of chutney if you want to run these. Closes ticket 22437. diff --git a/changes/ticket22521 b/changes/ticket22521 new file mode 100644 index 0000000000..15a6218fa7 --- /dev/null +++ b/changes/ticket22521 @@ -0,0 +1,3 @@ + o Code simplification and refactoring: + - Replace our STRUCT_OFFSET() macro with offsetof(). Closes + ticket 22521. Patch from Neel Chauhan. diff --git a/changes/ticket22750 b/changes/ticket22750 deleted file mode 100644 index 6bc1fb2639..0000000000 --- a/changes/ticket22750 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging, sandbox): - - Use the correct system call in sandbox error messages. Fixes bug - 22750; bugfix on 0.2.5.1-alpha. diff --git a/changes/ticket22895 b/changes/ticket22895 new file mode 100644 index 0000000000..a3f7b86019 --- /dev/null +++ b/changes/ticket22895 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Fix unused variable warnings in donna's Curve25519 SSE2 code. + Fixes bug 22895; bugfix on 0.2.7.2-alpha. |