From 85c0ba1cfb08adb08d674a549d4cfbe7ee050b31 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 15 Jun 2020 16:43:09 -0400 Subject: forward-port changelog and release-notes from 0.4.3.5 --- ChangeLog | 39 ++++ ReleaseNotes | 614 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 653 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1efcbcf00f..9ddbfa95fd 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,42 @@ +Changes in version 0.4.3.5 - 2020-05-15 + Tor 0.4.3.5 is the first stable release in the 0.4.3.x series. This + series adds support for building without relay code enabled, and + implements functionality needed for OnionBalance with v3 onion + services. It includes significant refactoring of our configuration and + controller functionality, and fixes numerous smaller bugs and + performance issues. + + Per our support policy, we support each stable release series for nine + months after its first stable release, or three months after the first + stable release of the next series: whichever is longer. This means + that 0.4.3.x will be supported until around February 2021--later, if + 0.4.4.x is later than anticipated. + + Note also that support for 0.4.1.x is about to end on May 20 of this + year; 0.4.2.x will be supported until September 15. We still plan to + continue supporting 0.3.5.x, our long-term stable series, until + Feb 2022. + + Below are the changes since 0.4.3.4-rc. For a complete list of changes + since 0.4.2.6, see the ReleaseNotes file. + + o Minor bugfixes (compiler compatibility): + - Avoid compiler warnings from Clang 10 related to the use of GCC- + style "/* falls through */" comments. Both Clang and GCC allow + __attribute__((fallthrough)) instead, so that's what we're using + now. Fixes bug 34078; bugfix on 0.3.1.3-alpha. + - Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix + on 0.4.0.3-alpha. + + o Minor bugfixes (logging): + - Stop truncating IPv6 addresses and ports in channel and connection + logs. Fixes bug 33918; bugfix on 0.2.4.4-alpha. + - Fix a logic error in a log message about whether an address was + invalid. Previously, the code would never report that onion + addresses were onion addresses. Fixes bug 34131; bugfix + on 0.4.3.1-alpha. + + Changes in version 0.4.3.4-rc - 2020-04-13 Tor 0.4.3.4-rc is the first release candidate in its series. 
It fixes several bugs from earlier versions, including one affecting DoS diff --git a/ReleaseNotes b/ReleaseNotes index a241da3027..a572293c07 100644 --- a/ReleaseNotes +++ b/ReleaseNotes 
@@ -3,6 +3,620 @@ release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.4.3.5 - 2020-05-15 + Tor 0.4.3.5 is the first stable release in the 0.4.3.x series. This + series adds support for building without relay code enabled, and + implements functionality needed for OnionBalance with v3 onion + services. It includes significant refactoring of our configuration and + controller functionality, and fixes numerous smaller bugs and + performance issues. + + Per our support policy, we support each stable release series for nine + months after its first stable release, or three months after the first + stable release of the next series: whichever is longer. This means + that 0.4.3.x will be supported until around February 2021--later, if + 0.4.4.x is later than anticipated. + + Note also that support for 0.4.1.x is about to end on May 20 of this + year; 0.4.2.x will be supported until September 15. We still plan to + continue supporting 0.3.5.x, our long-term stable series, until + Feb 2022. + + Below are the changes since 0.4.2.6. For a list of only the changes + since 0.4.3.4-rc, see the ChangeLog file. + + o New system requirements: + - When building Tor, you now need to have Python 3 in order to run + the integration tests. (Python 2 is officially unsupported + upstream, as of 1 Jan 2020.) Closes ticket 32608. + + o Major features (build system): + - The relay code can now be disabled using the --disable-module-relay + configure option. When this option is set, we also disable the + dirauth module. Closes ticket 32123. + - When Tor is compiled --disable-module-relay, we also omit the code + used to act as a directory cache. Closes ticket 32487. + + o Major features (directory authority, ed25519): + - Add support for banning a relay's ed25519 keys in the approved- + routers file. This will help us migrate away from RSA keys in the + future. 
Previously, only RSA keys could be banned in approved- + routers. Resolves ticket 22029. Patch by Neel Chauhan. + + o Major features (onion services): + - New control port commands to manage client-side onion service + authorization credentials. The ONION_CLIENT_AUTH_ADD command adds + a credential, ONION_CLIENT_AUTH_REMOVE deletes a credential, and + ONION_CLIENT_AUTH_VIEW lists the credentials. Closes ticket 30381. + - Introduce a new SocksPort flag, ExtendedErrors, to support more + detailed error codes in information for applications that support + them. Closes ticket 30382; implements proposal 304. + + o Major features (proxy): + - In addition to its current supported proxy types (HTTP CONNECT, + SOCKS4, and SOCKS5), Tor can now make its OR connections through a + HAProxy server. A new torrc option was added to specify the + address/port of the server: TCPProxy :. + Currently the only supported protocol for the option is haproxy. + Closes ticket 31518. Patch done by Suphanat Chunhapanya (haxxpop). + + o Major bugfixes (security, denial-of-service): + - Fix a denial-of-service bug that could be used by anyone to + consume a bunch of CPU on any Tor relay or authority, or by + directories to consume a bunch of CPU on clients or hidden + services. Because of the potential for CPU consumption to + introduce observable timing patterns, we are treating this as a + high-severity security issue. Fixes bug 33119; bugfix on + 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue + as TROVE-2020-002 and CVE-2020-10592. + + o Major bugfixes (circuit padding, memory leak): + - Avoid a remotely triggered memory leak in the case that a circuit + padding machine is somehow negotiated twice on the same circuit. + Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. + This is also tracked as TROVE-2020-004 and CVE-2020-10593. 
+ + o Major bugfixes (directory authority): + - Directory authorities will now send a 503 (not enough bandwidth) + code to clients when under bandwidth pressure. Known relays and + other authorities will always be answered regardless of the + bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha. + + o Major bugfixes (DoS defenses, bridges, pluggable transport): + - Fix a bug that was preventing DoS defenses from running on bridges + with a pluggable transport. Previously, the DoS subsystem was not + given the transport name of the client connection, thus failed to + find the GeoIP cache entry for that client address. Fixes bug + 33491; bugfix on 0.3.3.2-alpha. + + o Major bugfixes (networking): + - Correctly handle IPv6 addresses in SOCKS5 RESOLVE_PTR requests, + and accept strings as well as binary addresses. Fixes bug 32315; + bugfix on 0.3.5.1-alpha. + + o Major bugfixes (onion service): + - Report HS circuit failure back into the HS subsystem so we take + appropriate action with regards to the client introduction point + failure cache. This improves reachability of onion services, since + now clients notice failing introduction circuits properly. Fixes + bug 32020; bugfix on 0.3.2.1-alpha. + + o Minor feature (heartbeat, onion service): + - Add the DoS INTRODUCE2 defenses counter to the heartbeat DoS + message. Closes ticket 31371. + + o Minor feature (sendme, flow control): + - Default to sending SENDME version 1 cells. (Clients are already + sending these, because of a consensus parameter telling them to do + so: this change only affects what clients would do if the + consensus didn't contain a recommendation.) Closes ticket 33623. + + o Minor features (best practices tracker): + - Practracker now supports a --regen-overbroad option to regenerate + the exceptions file, but only to revise exceptions to be _less_ + tolerant of best-practices violations. Closes ticket 32372. 
+ + o Minor features (configuration validation): + - Configuration validation can now be done by per-module callbacks, + rather than a global validation function. This will let us reduce + the size of config.c and some of its more cumbersome functions. + Closes ticket 31241. + + o Minor features (configuration): + - If a configured hardware crypto accelerator in AccelName is + prefixed with "!", Tor now exits when it cannot be found. Closes + ticket 32406. + - We now use flag-driven logic to warn about obsolete configuration + fields, so that we can include their names. In 0.4.2, we used a + special type, which prevented us from generating good warnings. + Implements ticket 32404. + + o Minor features (configure, build system): + - Output a list of enabled/disabled features at the end of the + configure process in a pleasing way. Closes ticket 31373. + + o Minor features (continuous integration): + - Run Doxygen Makefile target on Travis, so we can learn about + regressions in our internal documentation. Closes ticket 32455. + - Stop allowing failures on the Travis CI stem tests job. It looks + like all the stem hangs we were seeing before are now fixed. + Closes ticket 33075. + + o Minor features (controller): + - Add stream isolation data to STREAM event. Closes ticket 19859. + - Implement a new GETINFO command to fetch microdescriptor + consensus. Closes ticket 31684. + + o Minor features (debugging, directory system): + - Don't crash when we find a non-guard with a guard-fraction value + set. Instead, log a bug warning, in an attempt to figure out how + this happened. Diagnostic for ticket 32868. + + o Minor features (defense in depth): + - Add additional checks around tor_vasprintf() usage, in case the + function returns an error. Patch by Tobias Stoeckmann. Fixes + ticket 31147. + + o Minor features (developer tools): + - Remove the 0.2.9.x series branches from git scripts (git-merge- + forward.sh, git-pull-all.sh, git-push-all.sh, git-setup-dirs.sh). 
+ Closes ticket 32772. + - Add a check_cocci_parse.sh script that checks that new code is + parseable by Coccinelle. Add an exceptions file for unparseable + files, and run the script from travis CI. Closes ticket 31919. + - Call the check_cocci_parse.sh script from a 'check-cocci' Makefile + target. Closes ticket 31919. + - Add a rename_c_identifiers.py tool to rename a bunch of C + identifiers at once, and generate a well-formed commit message + describing the change. This should help with refactoring. Closes + ticket 32237. + - Add some scripts in "scripts/coccinelle" to invoke the Coccinelle + semantic patching tool with the correct flags. These flags are + fairly easy to forget, and these scripts should help us use + Coccinelle more effectively in the future. Closes ticket 31705. + + o Minor features (diagnostic): + - Improve assertions and add some memory-poisoning code to try to + track down possible causes of a rare crash (32564) in the EWMA + code. Closes ticket 33290. + + o Minor features (directory authorities): + - Directory authorities now reject descriptors from relays running + Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is + still allowed. Resolves ticket 32672. Patch by Neel Chauhan. + + o Minor features (Doxygen): + - Update Doxygen configuration file to a more recent template (from + 1.8.15). Closes ticket 32110. + - "make doxygen" now works with out-of-tree builds. Closes + ticket 32113. + - Make sure that doxygen outputs documentation for all of our C + files. Previously, some were missing @file declarations, causing + them to be ignored. Closes ticket 32307. + - Our "make doxygen" target now respects --enable-fatal-warnings by + default, and does not warn about items that are missing + documentation. To warn about missing documentation, run configure + with the "--enable-missing-doc-warnings" flag: doing so suspends + fatal warnings for doxygen. Closes ticket 32385. 
+ + o Minor features (git scripts): + - Add TOR_EXTRA_CLONE_ARGS to git-setup-dirs.sh for git clone + customisation. Closes ticket 32347. + - Add git-setup-dirs.sh, which sets up an upstream git repository + and worktrees for tor maintainers. Closes ticket 29603. + - Add TOR_EXTRA_REMOTE_* to git-setup-dirs.sh for a custom extra + remote. Closes ticket 32347. + - Call the check_cocci_parse.sh script from the git commit and push + hooks. Closes ticket 31919. + - Make git-push-all.sh skip unchanged branches when pushing to + upstream. The script already skipped unchanged test branches. + Closes ticket 32216. + - Make git-setup-dirs.sh create a master symlink in the worktree + directory. Closes ticket 32347. + - Skip unmodified source files when doing some existing git hook + checks. Related to ticket 31919. + + o Minor features (IPv6, client): + - Make Tor clients tell dual-stack exits that they prefer IPv6 + connections. This change is equivalent to setting the PreferIPv6 + flag on SOCKSPorts (and most other listener ports). Tor Browser + has been setting this flag for some time, and we want to remove a + client distinguisher at exits. Closes ticket 32637. + + o Minor features (portability, android): + - When building for Android, disable some tests that depend on $HOME + and/or pwdb, which Android doesn't have. Closes ticket 32825. + Patch from Hans-Christoph Steiner. + + o Minor features (relay modularity): + - Split the relay and server pluggable transport config code into + separate files in the relay module. Disable this code when the + relay module is disabled. Closes part of ticket 32213. + - When the relay module is disabled, reject attempts to set the + ORPort, DirPort, DirCache, BridgeRelay, ExtORPort, or + ServerTransport* options, rather than ignoring the values of these + options. Closes part of ticket 32213. + - When the relay module is disabled, change the default config so + that DirCache is 0, and ClientOnly is 1. Closes ticket 32410. 
+ + o Minor features (release tools): + - Port our ChangeLog formatting and sorting tools to Python 3. + Closes ticket 32704. + + o Minor features (testing): + - The unit tests now support a "TOR_SKIP_TESTCASES" environment + variable to specify a list of space-separated test cases that + should not be executed. We will use this to disable certain tests + that are failing on Appveyor because of mismatched OpenSSL + libraries. Part of ticket 33643. + - Detect some common failure cases for test_parseconf.sh in + src/test/conf_failures. Closes ticket 32451. + - Allow test_parseconf.sh to test expected log outputs for successful + configs, as well as failed configs. Closes ticket 32451. + - The test_parseconf.sh script now supports result variants for any + combination of the optional libraries lzma, nss, and zstd. Closes + ticket 32397. + - When running the unit tests on Android, create temporary files in + a subdirectory of /data/local/tmp. Closes ticket 32172. Based on a + patch from Hans-Christoph Steiner. + + o Minor features (usability): + - Include more information when failing to parse a configuration + value. This should make it easier to tell what's going wrong when + a configuration file doesn't parse. Closes ticket 33460. + + o Minor bugfix (relay, configuration): + - Warn if the ContactInfo field is not set, and tell the relay + operator that not having a ContactInfo field set might cause their + relay to get rejected in the future. Fixes bug 33361; bugfix + on 0.1.1.10-alpha. + + o Minor bugfixes (bridges): + - Lowercase the configured value of BridgeDistribution before adding + it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha. + + o Minor bugfixes (build system): + - Fix "make autostyle" for out-of-tree builds. Fixes bug 32370; + bugfix on 0.4.1.2-alpha. + + o Minor bugfixes (compiler compatibility): + - Avoid compiler warnings from Clang 10 related to the use of GCC- + style "/* falls through */" comments. 
Both Clang and GCC allow + __attribute__((fallthrough)) instead, so that's what we're using + now. Fixes bug 34078; bugfix on 0.3.1.3-alpha. + - Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix + on 0.4.0.3-alpha. + + o Minor bugfixes (configuration handling): + - Make control_event_conf_changed() take in a config_line_t instead + of a smartlist of alternating key/value entries. Fixes bug 31531; + bugfix on 0.2.3.3-alpha. Patch by Neel Chauhan. + - Check for multiplication overflow when parsing memory units inside + configuration. Fixes bug 30920; bugfix on 0.0.9rc1. + - When dumping the configuration, stop adding a trailing space after + the option name when there is no option value. This issue only + affects options that accept an empty value or list. (Most options + reject empty values, or delete the entire line from the dumped + options.) Fixes bug 32352; bugfix on 0.0.9pre6. + - Avoid changing the user's value of HardwareAccel as stored by + SAVECONF, when AccelName is set but HardwareAccel is not. Fixes + bug 32382; bugfix on 0.2.2.1-alpha. + - When creating a KeyDirectory with the same location as the + DataDirectory (not recommended), respect the DataDirectory's + group-readable setting if one has not been set for the + KeyDirectory. Fixes bug 27992; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (continuous integration): + - Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix + on 0.3.2.2-alpha. + + o Minor bugfixes (controller protocol): + - When receiving "ACTIVE" or "DORMANT" signals on the control port, + report them as SIGNAL events. Previously we would log a bug + warning. Fixes bug 33104; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (controller): + - In routerstatus_has_changed(), check all the fields that are + output over the control port. Fixes bug 20218; bugfix + on 0.1.1.11-alpha. + + o Minor bugfixes (developer tools): + - Allow paths starting with ./ in scripts/add_c_file.py. 
Fixes bug + 31336; bugfix on 0.4.1.2-alpha. + + o Minor bugfixes (dirauth module): + - Split the dirauth config code into a separate file in the dirauth + module. Disable this code when the dirauth module is disabled. + Closes ticket 32213. + - When the dirauth module is disabled, reject attempts to set the + AuthoritativeDir option, rather than ignoring the value of the + option. Fixes bug 32213; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (embedded Tor): + - When starting Tor any time after the first time in a process, + register the thread in which it is running as the main thread. + Previously, we only did this on Windows, which could lead to bugs + like 23081 on non-Windows platforms. Fixes bug 32884; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (git scripts): + - Avoid sleeping before the last push in git-push-all.sh. Closes + ticket 32216. + - Forward all unrecognised arguments in git-push-all.sh to git push. + Closes ticket 32216. + + o Minor bugfixes (key portability): + - When reading PEM-encoded key data, tolerate CRLF line-endings even + if we are not running on Windows. Previously, non-Windows hosts + would reject these line-endings in certain positions, making + certain key files hard to move from one host to another. Fixes bug + 33032; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (logging): + - Stop truncating IPv6 addresses and ports in channel and connection + logs. Fixes bug 33918; bugfix on 0.2.4.4-alpha. + - Flush stderr, stdout, and file logs during shutdown, if supported + by the OS. This change helps make sure that any final logs are + recorded. Fixes bug 33087; bugfix on 0.4.1.6. + - Stop closing stderr and stdout during shutdown. Closing these file + descriptors can hide sanitiser logs. Fixes bug 33087; bugfix + on 0.4.1.6. + - If we encounter a bug when flushing a buffer to a TLS connection, + only log the bug once per invocation of the Tor process. 
+ Previously we would log with every occurrence, which could cause + us to run out of disk space. Fixes bug 33093; bugfix + on 0.3.2.2-alpha. + - When logging a bug, do not say "Future instances of this warning + will be silenced" unless we are actually going to silence them. + Previously we would say this whenever a BUG() check failed in the + code. Fixes bug 33095; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (onion services v2): + - Move a series of v2 onion service warnings to protocol-warning + level because they can all be triggered remotely by a malformed + request. Fixes bug 32706; bugfix on 0.1.1.14-alpha. + - When sending the INTRO cell for a v2 Onion Service, look at the + failure cache alongside timeout values to check if the intro point + is marked as failed. Previously, we only looked at the relay + timeout values. Fixes bug 25568; bugfix on 0.2.7.3-rc. Patch by + Neel Chauhan. + + o Minor bugfixes (onion services v3): + - Remove a BUG() warning that would cause a stack trace if an onion + service descriptor was freed while we were waiting for a + rendezvous circuit to complete. Fixes bug 28992; bugfix + on 0.3.2.1-alpha. + - Relax severity of a log message that can appear naturally when + decoding onion service descriptors as a relay. Also add some + diagnostics to debug any future bugs in that area. Fixes bug + 31669; bugfix on 0.3.0.1-alpha. + - Fix an assertion failure that could result from a corrupted + ADD_ONION control port command. Found by Saibato. Fixes bug 33137; + bugfix on 0.3.3.1-alpha. This issue is also tracked + as TROVE-2020-003. + - Properly handle the client rendezvous circuit timeout. Previously + Tor would sometimes timeout a rendezvous circuit awaiting the + introduction ACK, and find itself unable to re-establish all + circuits because the rendezvous circuit timed out too early. Fixes + bug 32021; bugfix on 0.3.2.1-alpha. 
+ + o Minor bugfixes (onion services): + - Do not rely on a "circuit established" flag for intro circuits but + instead always query the HS circuit map. This is to avoid sync + issue with that flag and the map. Fixes bug 32094; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (onion services, all): + - In cancel_descriptor_fetches(), use + connection_list_by_type_purpose() instead of + connection_list_by_type_state(). Fixes bug 32639; bugfix on + 0.3.2.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (pluggable transports): + - When receiving a message on standard error from a pluggable + transport, log it at info level, rather than as a warning. Fixes + bug 33005; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (rust, build): + - Fix a syntax warning given by newer versions of Rust that was + creating problems for our continuous integration. Fixes bug 33212; + bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (scripts): + - Fix update_versions.py for out-of-tree builds. Fixes bug 32371; + bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (testing): + - Use the same code to find the tor binary in all of our test + scripts. This change makes sure we are always using the coverage + binary when coverage is enabled. Fixes bug 32368; bugfix + on 0.2.7.3-rc. + - Stop ignoring "tor --dump-config" errors in test_parseconf.sh. + Fixes bug 32468; bugfix on 0.4.2.1-alpha. + - Our option-validation tests no longer depend on specially + configured non-default, non-passing sets of options. Previously, + the tests had been written to assume that options would _not_ be + set to their defaults, which led to needless complexity and + verbosity. Fixes bug 32175; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (TLS bug handling): + - When encountering a bug in buf_read_from_tls(), return a "MISC" + error code rather than "WANTWRITE". This change might help avoid + some CPU-wasting loops if the bug is ever triggered. Bug reported + by opara. Fixes bug 32673; bugfix on 0.3.0.4-alpha. 
+ + o Deprecated features: + - Deprecate the ClientAutoIPv6ORPort option. This option was not + true "Happy Eyeballs", and often failed on connections that + weren't reliably dual-stack. Closes ticket 32942. Patch by + Neel Chauhan. + + o Documentation: + - Provide a quickstart guide for a Circuit Padding Framework, and + documentation for researchers to implement and study circuit + padding machines. Closes ticket 28804. + - Add documentation in 'HelpfulTools.md' to describe how to build a + tag file. Closes ticket 32779. + - Create a high-level description of the long-term software + architecture goals. Closes ticket 32206. + - Describe the --dump-config command in the manual page. Closes + ticket 32467. + - Unite coding advice from this_not_that.md in torguts repo into our + coding standards document. Resolves ticket 31853. + + o Removed features: + - Our Doxygen configuration no longer generates LaTeX output. The + reference manual produced by doing this was over 4000 pages long, + and generally unusable. Closes ticket 32099. + - The option "TestingEstimatedDescriptorPropagationTime" is now + marked as obsolete. It has had no effect since 0.3.0.7, when + clients stopped rejecting consensuses "from the future". Closes + ticket 32807. + - We no longer support consensus methods before method 28; these + methods were only used by authorities running versions of Tor that + are now at end-of-life. In effect, this means that clients, + relays, and authorities now assume that authorities will be + running version 0.3.5.x or later. Closes ticket 32695. + + o Testing: + - Avoid conflicts between the fake sockets in tor's unit tests, and + real file descriptors. Resolves issues running unit tests with + GitHub Actions, where the process that embeds or launches the + tests has already opened a large number of file descriptors. Fixes + bug 33782; bugfix on 0.2.8.1-alpha. Found and fixed by + Putta Khunchalee. + - Add more test cases for tor's UTF-8 validation function. 
Also, + check the arguments passed to the function for consistency. Closes + ticket 32845. + - Improve test coverage for relay and dirauth config code, focusing + on option validation and normalization. Closes ticket 32213. + - Improve the consistency of test_parseconf.sh output, and run all + the tests, even if one fails. Closes ticket 32213. + - Run the practracker unit tests in the pre-commit git hook. Closes + ticket 32609. + + o Code simplification and refactoring (channel): + - Channel layer had a variable length cell handler that was not used + and thus removed. Closes ticket 32892. + + o Code simplification and refactoring (configuration): + - Immutability is now implemented as a flag on individual + configuration options rather than as part of the option-transition + checking code. Closes ticket 32344. + - Instead of keeping a list of configuration options to check for + relative paths, check all the options whose type is "FILENAME". + Solves part of ticket 32339. + - Our default log (which ordinarily sends NOTICE-level messages to + standard output) is now handled in a more logical manner. + Previously, we replaced the configured log options if they were + empty. Now, we interpret an empty set of log options as meaning + "use the default log". Closes ticket 31999. + - Remove some unused arguments from the options_validate() function, + to simplify our code and tests. Closes ticket 32187. + - Simplify the options_validate() code so that it looks at the + default options directly, rather than taking default options as an + argument. This change lets us simplify its interface. Closes + ticket 32185. + - Use our new configuration architecture to move most authority- + related options to the directory authority module. Closes + ticket 32806. + - When parsing the command line, handle options that determine our + "quiet level" and our mode of operation (e.g., --dump-config and + so on) all in one table. Closes ticket 32003. 
+ + o Code simplification and refactoring (controller): + - Create a new abstraction for formatting control protocol reply + lines based on key-value pairs. Refactor some existing control + protocol code to take advantage of this. Closes ticket 30984. + - Create a helper function that can fetch network status or + microdesc consensuses. Closes ticket 31684. + + o Code simplification and refactoring (dirauth modularization): + - Remove the last remaining HAVE_MODULE_DIRAUTH inside a function. + Closes ticket 32163. + - Replace some confusing identifiers in process_descs.c. Closes + ticket 29826. + - Simplify some relay and dirauth config code. Closes ticket 32213. + + o Code simplification and refactoring (mainloop): + - Simplify the ip_address_changed() function by removing redundant + checks. Closes ticket 33091. + + o Code simplification and refactoring (misc): + - Make all the structs we declare follow the same naming convention + of ending with "_t". Closes ticket 32415. + - Move and rename some configuration-related code for clarity. + Closes ticket 32304. + - Our include.am files are now broken up by subdirectory. + Previously, src/core/include.am covered all of the subdirectories + in "core", "feature", and "app". Closes ticket 32137. + - Remove underused NS*() macros from test code: they make our tests + more confusing, especially for code-formatting tools. Closes + ticket 32887. + + o Code simplification and refactoring (relay modularization): + - Disable relay_periodic when the relay module is disabled. Closes + ticket 32244. + - Disable relay_sys when the relay module is disabled. Closes + ticket 32245. + + o Code simplification and refactoring (tool support): + - Add numerous missing dependencies to our include files, so that + they can be included in different reasonable orders and still + compile. Addresses part of ticket 32764. + - Fix some parts of our code that were difficult for Coccinelle to + parse. Related to ticket 31705. 
+ - Fix some small issues in our code that prevented automatic + formatting tools from working. Addresses part of ticket 32764. + + o Documentation (manpage): + - Alphabetize the Server and Directory server sections of the tor + manpage. Also split Statistics options into their own section of + the manpage. Closes ticket 33188. Work by Swati Thacker as part of + Google Season of Docs. + - Document the __OwningControllerProcess torrc option and specify + its polling interval. Resolves issue 32971. + - Split "Circuit Timeout" options and "Node Selection" options into + their own sections of the tor manpage. Closes tickets 32928 and + 32929. Work by Swati Thacker as part of Google Season of Docs. + - Alphabetize the Client Options section of the tor manpage. Closes + ticket 32846. + - Alphabetize the General Options section of the tor manpage. Closes + ticket 32708. + - In the tor(1) manpage, reword and improve formatting of the + COMMAND-LINE OPTIONS and DESCRIPTION sections. Closes ticket + 32277. Based on work by Swati Thacker as part of Google Season + of Docs. + - In the tor(1) manpage, reword and improve formatting of the FILES, + SEE ALSO, and BUGS sections. Closes ticket 32176. Based on work by + Swati Thacker as part of Google Season of Docs. + + o Testing (Appveyor CI): + - In our Appveyor Windows CI, copy required DLLs to test and app + directories, before running tor's tests. This ensures that tor.exe + and test*.exe use the correct version of each DLL. This fix is not + required, but we hope it will avoid DLL search issues in future. + Fixes bug 33673; bugfix on 0.3.4.2-alpha. + - On Appveyor, skip the crypto/openssl_version test, which is + failing because of a mismatched library installation. Fix + for 33643. + + o Testing (circuit, EWMA): + - Add unit tests for circuitmux and EWMA subsystems. Closes + ticket 32196. + + o Testing (Travis CI): + - Remove a redundant distcheck job. Closes ticket 33194. 
+ - Sort the Travis jobs in order of speed: putting the slowest jobs + first takes full advantage of Travis job concurrency. Closes + ticket 33194. + - Stop allowing the Chutney IPv6 Travis job to fail. This job was + previously configured to fast_finish (which requires + allow_failure), to speed up the build. Closes ticket 33195. + - When a Travis chutney job fails, use chutney's new "diagnostics.sh" + tool to produce detailed diagnostic output. Closes ticket 32792. + + Changes in version 0.4.2.7 - 2020-03-18 This is the third stable release in the 0.4.2.x series. It backports numerous fixes from later releases, including a fix for TROVE-2020- -- cgit v1.2.3-54-g00ecf
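Review bot: In the ChangeLog hunk, the support-policy paragraph of the new 0.4.3.5 entry uses relative dates that are already stale at this commit's date (15 Jun 2020): "support for 0.4.1.x is about to end on May 20 of this year" describes a date in the past, and "September 15" carries no year. The entry is forward-ported verbatim, so if the text must stay identical to the 0.4.3.5 release, that is fine. Otherwise, absolute dates ("May 20, 2020", "September 15, 2020") would keep the paragraph unambiguous for operators who read this file later to decide whether their series is still supported. The same paragraph is repeated in the ReleaseNotes hunk and would need the same change.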
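Review bot: In the ReleaseNotes hunk, two fixes that carry TROVE identifiers sit under headings that do not say "security", so a reader scanning headings for security fixes will find only TROVE-2020-002. The remotely triggered memory leak (bug 33619, TROVE-2020-004 and CVE-2020-10593) is under "Major bugfixes (circuit padding, memory leak)", and the ADD_ONION assertion failure (bug 33137, TROVE-2020-003) is the third item under "Minor bugfixes (onion services v3)". Suggest adding "security" to the first heading, as "Major bugfixes (security, denial-of-service)" already does, and either giving the TROVE-2020-003 item its own security-tagged heading or listing all three TROVE ids in the introductory paragraph. Separately, in "Major features (proxy)" the option syntax reads "TCPProxy :." as shown here, with no placeholders for its arguments. The text says the option takes a protocol and the server's address/port, so the line should name those arguments explicitly.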