Start on a changelog for 0.3.2.1-alpha: sortchanges and formatchangelog

ChangeLog

@@ -1,3 +1,357 @@
+Changes in version 0.3.2.1-alpha - 2017-09-18
+  BLURB
+
+  Below are the changes since Tor 0.3.1.7.
+
+  o Major feature (scheduler, channel):
+    - Introducing the KIST scheduler which stands for Kernel Informed
+      Socket Transport. It is only available on Linux systems. This
+      comes from a researched and published paper you can find
+      here: http://www.robgjansen.com/publications/kist-sec2014.pdf
+      https://arxiv.org/abs/1709.01044 This is also a major refactoring
+      of the entire scheduler subsystem in order for it to be more
+      modular and thus much more easier to add more scheduler type
+      later. The current scheduler has been named "Vanilla" but we favor
+      KIST if available in this version. A new torrc option has been
+      added and named "Schedulers type1,type2,..." which allows a user
+      to select which scheduler type it wants tor to use. It is also
+      possible to change it at runtime. It is an ordered list by
+      priority. KIST might not be available on all platforms so there is
+      a fallback to "KISTLite" that uses the same mechanisms but without
+      the kernel support. The current default values are: Schedulers
+      KIST,KISTLite,Vanilla. Closes ticket 12541.
+
+  o Major features (next-generation onion services):
+    - Tor now supports the next-generation onion services protocol for
+      clients and services! As part of this release, the core of
+      proposal 224 has been implemented and is available for
+      experimentation and testing by our users. This newer version of
+      onion services (v3) features various improvements over the legacy
+      system: a) Better crypto (replaced SHA1/DH/RSA1024 with
+      SHA3/ed25519/curve25519) b) Improved directory protocol leaking
+      less to directory servers. c) Improved directory protocol with
+      smaller surface for targeted attacks. d) Better onion address
+      security against impersonation. e) More extensible
+      introduction/rendezvous protocol. f) A cleaner and more modular
+      codebase. Furthermore, as part of this update, onion addresses
+      increase in length and are now 56 characters long:
+      4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion In
+      the future, we will be releasing more options and features but we
+      first need a testing period, so that the current codebase matures
+      and becomes more robust. Here are some of the features we have
+      planned: 1) Offline keys for onion services 2) Advanced client
+      authorization for onion services 3) Improved guard algorithm for
+      onion services 4) Next-gen onion service statistics Please see our
+      proposal for more details:
+      https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt
+      The default version for onion services remains v2 (the legacy
+      system) until this new codebase gets tested and hardened. Service
+      operators who want to experiment with the new system can use the
+      'HiddenServiceVersion 3' torrc directive along with the regular
+      onion service configuration options. We will publish a blog post
+      about this new feature soon! Enjoy!
+
+  o Major bugfixes (usability, control port):
+    - Report trusted clock skew indications as bootstrap errors, so
+      controllers can more easily alert users. Fixes bug 23506; bugfix
+      on 0.1.2.6-alpha.
+
+  o Minor features (bug detection):
+    - Log a warning message, with stack trace, for any attempt to call
+      get_options() during option validation. Closes ticket 22281.
+
+  o Minor features (client directory bandwidth tuning):
+    - When downloading (micro)descriptors, don't split the list of
+      descriptors into multiple requests unless there are at least 32
+      descriptors that we want. Previously, we split at 4, not 32, which
+      could lead to significant overhead in HTTP request size and
+      degradation in compression performance. Closes ticket 23220.
+
+  o Minor features (client):
+    - You can now use Tor as a tunneled HTTP proxy: use the
+      HTTPTunnelPort option to open a port that accepts HTTP CONNECT
+      requests. Closes ticket 22407.
+
+  o Minor features (client, entry guards):
+    - Add an extra check to make sure that we always use the new guard
+      selection code for picking our guards. Closes ticket 22779.
+
+  o Minor features (command line):
+    - Add a new commandline option, --key-expiration, which prints when
+      the current signing key is going to expire. Implements ticket
+      17639; patch by Isis Lovecruft.
+
+  o Minor features (control port):
+    - If the control port is used as the HTTP proxy, responds with a
+      meaningful "This is the Tor control port" message, and log the
+      event. Closes ticket 1667. Patch from Ravi Chandra Padmala.
+    - Provide better error message for GETINFO desc/(id|name) when
+      microdescriptors are in use and router descriptors are not
+      fetched. Closes ticket 5847. Patch by Kevin Butler.
+
+  o Minor features (control):
+    - Add GETINFO desc/download-enabled and md/download-enabled, to
+      inform the controller whether try to download router descriptors
+      and microdescriptors respectively. Closes ticket 22684.
+
+  o Minor features (controller):
+    - Added new GETINFO targets ip-to-country/{ipv4,ipv6}-available, so
+      controllers can tell whether the geoip databases are loaded.
+      Closes ticket 23237.
+    - Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth
+      events. Closes ticket 19254. Patch by "DonnchaC".
+
+  o Minor features (development support):
+    - Developers can now generate a call-graph for Tor using the
+      "calltool" python program, which post-processes object dumps. It
+      should work okay on many Linux and OSX platforms, and might work
+      elsewhere too. To run this, install calltool from
+      https://gitweb.torproject.org/user/nickm/calltool.git and run
+      "make callgraph". Closes ticket 19307.
+
+  o Minor features (ed25519):
+    - Add validation function to checks for torsion components in
+      ed25119 public keys, used by prop224 client-side code. Closes
+      ticket 22006. Math help by Ian Goldberg.
+
+  o Minor features (exit relay, DNS):
+    - Improve the clarity and safety of the log message from evdns when
+      receiving an apparent spoofed DNS reply. Closes ticket 3056.
+
+  o Minor features (integration, hardening):
+    - Added a new NoExec option, to prevent Tor from running other
+      programs. When this option is set to 1, Tor will never try to run
+      another program, regardless of the settings of
+      PortForwardingHelper, ClientTransportPlugin, or
+      ServerTransportPlugin. Once NoExec is set, it cannot be disabled
+      without restarting Tor. Closes ticket 22976.
+
+  o Minor features (linux seccomp2 sandbox):
+    - If the sandbox filter fails to load, suggest to the user that
+      their kernel might not support seccomp2. Closes ticket 23090.
+
+  o Minor features (logging, UI):
+    - Improve the warning message for specifying a relay by nickname.
+      The previous message implied that nickname registration was still
+      part of the Tor network design, which it isn't. Closes
+      ticket 20488.
+
+  o Minor features (portability):
+    - Check at configure time whether uint8_t is unsigned char. Lots of
+      existing code already assumes this, and there could be strict
+      aliasing issues if they aren't the same type. Closes ticket 22410.
+
+  o Minor features (relay, configuration):
+    - Reject attempts to use relative file paths when RunAsDaemon is
+      set. Previously, Tor would accept these, but the directory-
+      changing step of RunAsDaemon would give strange and/or confusing
+      results. Closes ticket 22731.
+
+  o Minor features (startup, safety):
+    - When configured to write a PID file, Tor now exits if it is unable
+      to do so. Previously, it would warn and continue. Closes
+      ticket 20119.
+
+  o Minor features (static analysis):
+    - The BUG() macro has been changed slightly so that Coverity no
+      longer complains about dead code if the bug is impossible. Closes
+      ticket 23054.
+
+  o Minor features (testing):
+    - Add a unit test to verify that we can parse a hardcoded v2 hidden
+      service descriptor. Closes ticket 15554.
+
+  o Minor bugfix (relay address resolution):
+    - Avoid unnecessary calls to directory_fetches_from_authorities() on
+      relays. This avoids spurious address resolutions and descriptor
+      rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
+      bugfix on in 0.2.8.1-alpha.
+
+  o Minor bugfixes (certificate handling):
+    - Fix a time handling bug in Tor certificates set to expire after
+      the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. Found by
+      Coverity as CID 1415728.
+
+  o Minor bugfixes (circuit logging):
+    - torspec says hop counts are 1-based, so fix two log messages that
+      mistakenly logged 0-based hop counts. Fixes bug 18982; bugfix on
+      0.2.6.2-alpha and 0.2.4.5-alpha. Patch by teor. Credit to Xiaofan
+      Li for reporting this issue.
+
+  o Minor bugfixes (client, usability):
+    - Refrain from needlessly rejecting SOCKS5-with-hostnames and
+      SOCKS4a requests that contain IP address strings, even when
+      SafeSocks in enabled, as this prevents user from connecting to
+      known IP addresses without relying on DNS for resolving. SafeSocks
+      still rejects SOCKS connections that connect to IP addresses when
+      those addresses are _not_ encoded as hostnames. Fixes bug 22461;
+      bugfix on Tor 0.2.6.2-alpha.
+
+  o Minor bugfixes (code correctness):
+    - Call htons() in extend_cell_format() for encoding a 16-bit value.
+      Previously we used ntohs(), which happens to behave the same on
+      all the platforms we support, but which isn't really correct.
+      Fixes bug 23106; bugfix on 0.2.4.8-alpha.
+
+  o Minor bugfixes (compilation):
+    - Fix unused variable warnings in donna's Curve25519 SSE2 code.
+      Fixes bug 22895; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (consensus expiry):
+    - Tor would reconsider updating its directory information every 2
+      minutes instead of only doing it for a consensus that is more than
+      24 hours old (badly expired). This specific check is done in the
+      tor main loop callback that validates if we have an expired
+      consensus. Fixes bug 23091; bugfix on 0.2.0.19-alpha.
+
+  o Minor bugfixes (correctness, controller):
+    - Make the controller's write_escaped_data() function robust to
+      extremely long inputs. Right now, it doesn't actually receive any
+      extremely long inputs, so this is for defense in depth. Fixes bug
+      19281; bugfix on 0.1.1.1-alpha. Reported by Guido Vranken.
+
+  o Minor bugfixes (crypto):
+    - Properly detect and refuse to blind bad ed25519 keys. The key
+      blinding code is currently unused, so this bug does not affect tor
+      clients or services on the network. Fixes bug 22746; bugfix
+      on 0.2.6.1-alpha.
+
+  o Minor bugfixes (directories):
+    - Directory servers now include a "Date:" http header for response
+      codes other than 200. Clients starting with a skewed clock and a
+      recent consensus were getting "304 Not modified" responses from
+      directory authorities, so without a Date header the client would
+      never hear about a wrong clock. Fixes bug 23499; bugfix
+      on 0.0.8rc1.
+
+  o Minor bugfixes (directory downloads):
+    - Make clients wait for 6 seconds before trying to download their
+      consensus from an authority. Fixes bug 17750; bugfix
+      on 0.2.8.1-alpha.
+
+  o Minor bugfixes (DoS-resistance):
+    - If future code asks if there are any running bridges, without
+      checking if bridges are enabled, log a BUG warning rather than
+      crashing. Fixes bug 23524; bugfix on 0.3.0.1-alpha.
+
+  o Minor bugfixes (format strictness):
+    - Restrict several data formats to decimal. Previously, the
+      BuildTimeHistogram entries in the state file, the "bw=" entries in
+      the bandwidth authority file, and process IDs passed to the
+      __OwningControllerProcess option could all be specified in hex or
+      octal as well as in decimal. This was not an intentional feature.
+      Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha,
+      and 0.2.2.28-beta.
+
+  o Minor bugfixes (heartbeat):
+    - If we fail to write a heartbeat message, schedule a retry for the
+      minimum heartbeat interval number of seconds in the future. Fixes
+      bug 19476; bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes (linux seccomp2 sandbox, logging):
+    - Fix some messages on unexpected errors from the seccomp2 library.
+      Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch from "cypherpunks".
+
+  o Minor bugfixes (logging):
+    - Remove duplicate log messages regarding opening non-local
+      SocksPorts upon parsing config and opening listeners at startup.
+      Fixes bug 4019; bugfix on 0.2.3.3-alpha.
+    - Use a more comprehensible log message when telling the user
+      they've excluded every running exit node. Fixes bug 7890; bugfix
+      on 0.2.2.25-alpha.
+    - When logging the number of descriptors we intend to download per
+      directory request, do not log a number higher than then the number
+      of descriptors we're fetching in total. Fixes bug 19648; bugfix
+      on 0.1.1.8-alpha.
+    - When warning about a directory owned by the wrong user, log the
+      actual name of the user owning the directory. Previously, we'd log
+      the name of the process owner twice. Fixes bug 23487; bugfix
+      on 0.2.9.1-alpha.
+
+  o Minor bugfixes (portability):
+    - Stop using the PATH_MAX variable. The variable is not defined in
+      GNU Hurd which prevents Tor from being built. Fixes bug 23098;
+      bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (relay):
+    - When uploading our descriptor for the first time after startup,
+      report the reason for uploading as "Tor just started" rather than
+      leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha.
+
+  o Minor bugfixes (test):
+    - Fix a broken unit test for the OutboundAddress option: the parsing
+      function was never returning an error on failure. Fixes bug 23366;
+      bugfix on 0.3.0.3-alpha.
+
+  o Minor bugfixes (tests):
+    - Fix a signed-integer overflow in the unit tests for
+      dir/download_status_random_backoff, which was untriggered until we
+      fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha.
+
+  o Minor bugfixes (usability, control port):
+    - Stop making an unnecessary routerlist check in NETINFO clock skew
+      detection; this was preventing clients from reporting NETINFO clock
+      skew to controllers. Fixes bug 23532; bugfix on 0.2.4.4-alpha.
+
+  o Code simplification and refactoring:
+    - Extract the code for handling newly-open channels into a separate
+      function from the general code to handle channel state
+      transitions. This change simplifies our callgraph, reducing the
+      size of the largest strongly connected component by roughly a
+      factor of two. Closes ticket 22608
+    - Remove dead code for largely unused statistics on the number of
+      times we've attempted various public key operations. Fixes bug
+      19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft.
+    - Remove several now-obsolete functions for asking about old
+      variants directory authority status. Closes ticket 22311; patch
+      from "huyvq".
+    - Remove some of the code that once supported "Named" and "Unnamed"
+      routers. Authorities no longer vote for these flags. Closes
+      ticket 22215.
+    - Rename the obsolete malleable hybrid_encrypt functions used in TAP
+      and old hidden services to indicate that they aren't suitable for
+      new protocols or formats. Closes ticket 23026.
+    - Replace our STRUCT_OFFSET() macro with offsetof(). Closes ticket
+      22521. Patch from Neel Chauhan.
+    - Split the enormous circuit_send_next_onion_skin() function into
+      multiple subfunctions. Closes ticket 22804.
+    - Split the portions of the buffer.c module that handle particular
+      protocols into separate modules. Part of ticket 23149.
+    - Use our test macros more consistently, to produce more useful
+      error messages when our unit tests fail. Add coccinelle patches to
+      allow us to re-check for test macro uses. Closes ticket 22497.
+
+  o Deprecated features:
+    - Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They
+      only applies to direct unencrypted HTTP connections to your
+      directory server, which your Tor probably isn't using. Closes
+      ticket 20575.
+
+  o Documentation:
+    - Clarify in the manual that "Sandbox 1" is only supported on Linux
+      kernels. Closes ticket 22677.
+    - Document all values of PublishServerDescriptor in the manpage.
+      Closes ticket 15645.
+    - Improve the documentation for the directory port part of the
+      DirAuthority line. Closes ticket 20152.
+    - Restore documentation for the authorities' "approved-routers"
+      file. Closes ticket 21148.
+
+  o Removed features:
+    - The AllowDotExit option has been removed as unsafe. It has been
+      deprecated since 0.2.9.2-alpha. Closes ticket 23426.
+    - The ClientDNSRejectInternalAddresses flag can no longer be set on
+      non-testing networks. It has been deprecated since 0.2.9.2-alpha.
+      Closes ticket 21031.
+    - The controller API no longer includes an AUTHDIR_NEWDESCS event:
+      nobody was using it any longer. Closes ticket 22377.
+
+  o Testing:
+    - The default chutney network tests now include tests for the v3
+      hidden service design. Make sure you have the latest version of
+      chutney if you want to run these. Closes ticket 22437.
+
+
 Changes in version 0.2.8.15 - 2017-09-18
   Tor 0.2.8.15 backports a collection of bugfixes from later
   Tor series.

changes/15554

@@ -1,4 +0,0 @@
-  o Minor features (testing):
-    - Add a unit test to verify that we can parse a hardcoded v2
-      hidden service descriptor. Closes ticket 15554.
-

changes/19307

@@ -1,7 +0,0 @@
-  o Minor features (development support):
-    - Developers can now generate a call-graph for Tor using the
-      "calltool" python program, which post-processes object dumps.  It
-      should work okay on many Linux and OSX platforms, and might work
-      elsewhere too.  To run this, install calltool from
-      https://gitweb.torproject.org/user/nickm/calltool.git and run
-      "make callgraph". Closes ticket 19307.

changes/21148

@@ -1,4 +0,0 @@
-  o Documentation:
-    - Restore documentation for the authorities' "approved-routers" file.
-      Closes ticket 21148.
-

changes/bug15645

@@ -1,3 +0,0 @@
-  o Documentation:
-    - Document all values of PublishServerDescriptor in the manpage.
-      Closes ticket 15645.

changes/bug1667

@@ -1,4 +0,0 @@
-  o Minor features (control port):
-    - If the control port is used as the HTTP proxy, responds with
-      a meaningful "This is the Tor control port" message, and log
-      the event. Closes ticket 1667. Patch from Ravi Chandra Padmala.

changes/bug17639

@@ -1,4 +0,0 @@
-  o Minor features (command line):
-    - Add a new commandline option, --key-expiration, which prints when
-      the current signing key is going to expire. Implements ticket
-      17639; patch by Isis Lovecruft.

changes/bug17750

@@ -1,4 +0,0 @@
-  o Minor bugfixes (directory downloads):
-    - Make clients wait for 6 seconds before trying to download their
-      consensus from an authority.
-      Fixes bug 17750; bugfix on 0.2.8.1-alpha.

changes/bug18982

@@ -1,6 +0,0 @@
-  o Minor bugfixes (circuit logging):
-    - torspec says hop counts are 1-based, so fix two log messages
-      that mistakenly logged 0-based hop counts.
-      Fixes bug 18982; bugfix on 0.2.6.2-alpha
-      and 0.2.4.5-alpha. Patch by teor.
-      Credit to Xiaofan Li for reporting this issue.

changes/bug19281

@@ -1,5 +0,0 @@
-  o Minor bugfixes (correctness, controller):
-    - Make the controller's write_escaped_data() function robust to extremely
-      long inputs. Right now, it doesn't actually receive any extremely
-      long inputs, so this is for defense in depth. Fixes bug 19281;
-      bugfix on 0.1.1.1-alpha. Reported by Guido Vranken.

changes/bug19476

@@ -1,4 +0,0 @@
-  o Minor bugfixes (heartbeat):
-    - If we fail to write a heartbeat message, schedule a retry for the minimum
-      heartbeat interval number of seconds in the future. Fixes bug 19476;
-      bugfix on 0.2.3.1-alpha.

changes/bug19648

@@ -1,5 +0,0 @@
-  o Minor bugfixes (logging):
-    - When logging the number of descriptors we intend to download per
-      directory request, do not log a number higher than then the
-      number of descriptors we're fetching in total. Fixes bug 19648;
-      bugfix on 0.1.1.8-alpha.

changes/bug19871

@@ -1,4 +0,0 @@
-  o Code simplification and refactoring:
-    - Remove dead code for largely unused statistics on the number of
-      times we've attempted various public key operations. Fixes bug
-      19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft.

changes/bug22006

@@ -1,4 +0,0 @@
-  o Minor features (ed25519):
-    - Add validation function to checks for torsion components in ed25119
-      public keys, used by prop224 client-side
-      code. Closes ticket 22006. Math help by Ian Goldberg.

changes/bug22410

@@ -1,4 +0,0 @@
-  o Minor features (portability):
-    - Check at configure time whether uint8_t is unsigned char.  Lots
-      of existing code already assumes this, and there could be strict
-      aliasing issues if they aren't the same type. Closes ticket 22410.

changes/bug22461

@@ -1,7 +0,0 @@
-  o Minor bugfixes (client, usability):
-    - Refrain from needlessly rejecting SOCKS5-with-hostnames and SOCKS4a
-      requests that contain IP address strings, even when SafeSocks in
-      enabled, as this prevents user from connecting to known IP addresses
-      without relying on DNS for resolving. SafeSocks still rejects SOCKS
-      connections that connect to IP addresses when those addresses are _not_
-      encoded as hostnames. Fixes bug 22461; bugfix on Tor 0.2.6.2-alpha.

changes/bug22497

@@ -1,4 +0,0 @@
-  o Code simplification and refactoring:
-    - Use our test macros more consistently, to produce more useful
-      error messages when our unit tests fail.  Add coccinelle patches 
-      to allow us to re-check for test macro uses. Closes ticket 22497.

changes/bug22677

@@ -1,3 +0,0 @@
-  o Documentation:
-    - Clarify in the manual that "Sandbox 1" is only supported on Linux
-      kernels. Closes ticket 22677.

changes/bug22731

@@ -1,5 +0,0 @@
-  o Minor features (relay, configuration):
-    - Reject attempts to use relative file paths when RunAsDaemon is set.
-      Previously, Tor would accept these, but the directory-changing step
-      of RunAsDaemon would give strange and/or confusing results.
-      Closes ticket 22731.

changes/bug22746

@@ -1,4 +0,0 @@
-  o Minor bugfixes (crypto):
-    - Properly detect and refuse to blind bad ed25519 keys. The key blinding
-      code is currently unused, so this bug does not affect tor clients or
-      services on the network. Fixes bug 22746; bugfix on 0.2.6.1-alpha.

changes/bug22750

@@ -1,5 +0,0 @@
-  o Minor bugfixes (linux seccomp2 sandbox, logging):
-    - Fix some messages on unexpected errors from the seccomp2
-      library.  Fixes bug 22750; bugfix on 0.2.5.1-alpha.  Patch
-      from "cypherpunks".
-

changes/bug22779

@@ -1,4 +0,0 @@
-  o Minor features (client, entry guards):
-    - Add an extra check to make sure that we always use the
-      new guard selection code for picking our guards. Closes
-      ticket 22779.

changes/bug22802

@@ -1,10 +0,0 @@
-  o Minor bugfixes (format strictness):
-    - Restrict several data formats to decimal. Previously, the
-      BuildTimeHistogram entries in the state file, the "bw=" entries in the
-      bandwidth authority file, and process IDs passed to the
-      __OwningControllerProcess option could all be specified in hex or octal
-      as well as in decimal.  This was not an intentional feature.
-      Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha, and
-      0.2.2.28-beta.
-
-

changes/bug22885

@@ -1,5 +0,0 @@
-  o Minor bugfixes (relay):
-    - When uploading our descriptor for the first time after startup,
-      report the reason for uploading as "Tor just started" rather than
-      leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha.
-

changes/bug22924

@@ -1,4 +0,0 @@
-  o Minor bugfixes (tests):
-    - Fix a signed-integer overflow in the unit tests for
-      dir/download_status_random_backoff, which was untriggered until we
-      fixed bug 17750.  Fixes bug 22924; bugfix on 0.2.9.1-alpha.

changes/bug23026

@@ -1,4 +0,0 @@
-  o Code simplification and refactoring:
-    - Rename the obsolete malleable hybrid_encrypt functions used in
-      TAP and old hidden services to indicate that they aren't suitable
-      for new protocols or formats. Closes ticket 23026.

changes/bug23054

@@ -1,4 +0,0 @@
-  o Minor features (static analysis):
-    - The BUG() macro has been changed slightly so that Coverity no
-      longer complains about dead code if the bug is impossible. Closes
-      ticket 23054.

changes/bug23055

@@ -1,4 +0,0 @@
-  o Minor bugfixes (certificate handling):
-    - Fix a time handling bug in Tor certificates set to expire after
-      the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha.
-      Found by Coverity as CID 1415728.

changes/bug23091

@@ -1,6 +0,0 @@
-  o Minor bugfixes (consensus expiry):
-    - Tor would reconsider updating its directory information every 2 minutes
-      instead of only doing it for a consensus that is more than 24 hours old
-      (badly expired). This specific check is done in the tor main loop
-      callback that validates if we have an expired consensus. Fixes bug
-      23091; bugfix on 0.2.0.19-alpha.

changes/bug23098

@@ -1,4 +0,0 @@
-  o Minor bugfixes (portability):
-    - Stop using the PATH_MAX variable. The variable is not defined in
-      GNU Hurd which prevents Tor from being built. Fixes bug 23098;
-      bugfix on 0.3.1.1-alpha.

changes/bug23106

@@ -1,5 +0,0 @@
-  o Minor bugfixes (code correctness):
-    - Call htons() in extend_cell_format() for encoding a 16-bit
-      value. Previously we used ntohs(), which happens to behave the
-      same on all the platforms we support, but which isn't really
-      correct. Fixes bug 23106; bugfix on 0.2.4.8-alpha.

changes/bug23220

@@ -1,7 +0,0 @@
-  o Minor features (client directory bandwidth tuning):
-
-    - When downloading (micro)descriptors, don't split the list of
-      descriptors into multiple requests unless there are at least 32
-      descriptors that we want. Previously, we split at 4, not 32, which
-      could lead to significant overhead in HTTP request size and
-      degradation in compression performance. Closes ticket 23220.

changes/bug23366

@@ -1,4 +0,0 @@
-  o Minor bugfixes (test):
-    - Fix a broken unit test for the OutboundAddress option: the parsing
-      function was never returning an error on failure. Fixes bug 23366;
-      bugfix on 0.3.0.3-alpha.

changes/bug23426

@@ -1,4 +0,0 @@
-  o Removed features:
-    - The AllowDotExit option has been removed as unsafe.  It has
-      been deprecated since 0.2.9.2-alpha.  Closes ticket 23426.
-

changes/bug23470

@@ -1,5 +0,0 @@
-  o Minor bugfix (relay address resolution):
-    - Avoid unnecessary calls to directory_fetches_from_authorities()
-      on relays. This avoids spurious address resolutions and
-      descriptor rebuilds. This is a mitigation for bug 21789.
-      Fixes bug 23470; bugfix on in 0.2.8.1-alpha.

changes/bug23487

@@ -1,5 +0,0 @@
-  o Minor bugfixes (logging):
-    - When warning about a directory owned by the wrong user, log the actual
-      name of the user owning the directory.  Previously, we'd log the name
-      of the process owner twice. Fixes bug 23487; bugfix on 0.2.9.1-alpha.
-

changes/bug23499

@@ -1,6 +0,0 @@
-  o Minor bugfixes (directories):
-    - Directory servers now include a "Date:" http header for response
-      codes other than 200. Clients starting with a skewed clock and a
-      recent consensus were getting "304 Not modified" responses from
-      directory authorities, so without a Date header the client would
-      never hear about a wrong clock. Fixes bug 23499; bugfix on 0.0.8rc1.

changes/bug23506

@@ -1,4 +0,0 @@
-  o Major bugfixes (usability, control port):
-    - Report trusted clock skew indications as bootstrap errors, so
-      controllers can more easily alert users.  Fixes bug 23506;
-      bugfix on 0.1.2.6-alpha.

changes/bug23524

@@ -1,4 +0,0 @@
-  o Minor bugfixes (DoS-resistance):
-    - If future code asks if there are any running bridges, without checking
-      if bridges are enabled, log a BUG warning rather than crashing.
-      Fixes bug 23524; bugfix on 0.3.0.1-alpha.

changes/bug23532

@@ -1,5 +0,0 @@
-  o Minor bugfixes (usability, control port):
-    - Stop making an unnecessary routerlist check in NETINFO clock
-      skew detection; this was preventing clients from reporting
-      NETINFO clock skew to controllers.  Fixes bug 23532; bugfix on
-      0.2.4.4-alpha.

changes/bug3056

@@ -1,3 +0,0 @@
-  o Minor features (exit relay, DNS):
-    - Improve the clarity and safety of the log message from evdns when
-      receiving an apparent spoofed DNS reply. Closes ticket 3056.

changes/bug4019

@@ -1,4 +0,0 @@
-  o Minor bugfixes (logging):
-    - Remove duplicate log messages regarding opening non-local SocksPorts
-      upon parsing config and opening listeners at startup. Fixes bug 4019;
-      bugfix on 0.2.3.3-alpha.

changes/bug5847

@@ -1,5 +0,0 @@
-  o Minor features (control port):
-    - Provide better error message for GETINFO desc/(id|name) when
-      microdescriptors are in use and router descriptors are not fetched.
-      Closes ticket 5847. Patch by Kevin Butler.
-

changes/bug7890

@@ -1,4 +0,0 @@
-  o Minor bugfixes (logging):
-    - Use a more comprehensible log message when telling the user they've
-      excluded every running exit node. Fixes bug 7890; bugfix on
-      0.2.2.25-alpha.

changes/doc20152

@@ -1,3 +0,0 @@
-  o Documentation:
-    - Improve the documentation for the directory port part of the
-      DirAuthority line. Closes ticket 20152.

changes/feature19254

@@ -1,3 +0,0 @@
-  o Minor features (controller):
-    - Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth
-      events. Closes ticket 19254. Patch by "DonnchaC".

changes/feature20119_1

@@ -1,3 +0,0 @@
-  o Minor features (startup, safety):
-    - When configured to write a PID file, Tor now exits if it is unable to
-      do so.  Previously, it would warn and continue. Closes ticket 20119.

changes/feature22407

@@ -1,5 +0,0 @@
-  o Minor features (client):
-    - You can now use Tor as a tunneled HTTP proxy: use the HTTPTunnelPort
-      option to open a port that accepts HTTP CONNECT requests.
-      Closes ticket 22407.
-

changes/feature22976

@@ -1,8 +0,0 @@
-  o Minor features (integration, hardening):
-    - Added a new NoExec option, to prevent Tor from running
-      other programs. When this option is set to 1,
-      Tor will never try to run another program, regardless of
-      the settings of PortForwardingHelper, ClientTransportPlugin,
-      or ServerTransportPlugin. Once NoExec is set, it cannot be
-      disabled without restarting Tor.
-      Closes ticket 22976.

changes/feature23090

@@ -1,3 +0,0 @@
-  o Minor features (linux seccomp2 sandbox):
-    - If the sandbox filter fails to load, suggest to the user that their
-      kernel might not support seccomp2. Closes ticket 23090.

changes/feature23237

@@ -1,4 +0,0 @@
-  o Minor features (controller):
-    - Added new GETINFO targets ip-to-country/{ipv4,ipv6}-available, so
-      controllers can tell whether the geoip databases are loaded.
-      Closes ticket 23237.

changes/prop224

@@ -1,36 +0,0 @@
-  o Major features (next-generation onion services):
-    - Tor now supports the next-generation onion services protocol for clients
-      and services! As part of this release, the core of proposal 224 has been
-      implemented and is available for experimentation and testing by our
-      users. This newer version of onion services (v3) features various
-      improvements over the legacy system:
-        a) Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)
-        b) Improved directory protocol leaking less to directory servers.
-        c) Improved directory protocol with smaller surface for targeted attacks.
-        d) Better onion address security against impersonation.
-        e) More extensible introduction/rendezvous protocol.
-        f) A cleaner and more modular codebase.
-
-      Furthermore, as part of this update, onion addresses increase in length
-      and are now 56 characters long:
-         4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion
-
-      In the future, we will be releasing more options and features but we
-      first need a testing period, so that the current codebase matures and
-      becomes more robust. Here are some of the features we have planned:
-        1) Offline keys for onion services
-        2) Advanced client authorization for onion services
-        3) Improved guard algorithm for onion services
-        4) Next-gen onion service statistics
-
-      Please see our proposal for more details:
-        https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt
-
-      The default version for onion services remains v2 (the legacy system)
-      until this new codebase gets tested and hardened.
-
-      Service operators who want to experiment with the new system can use the
-      'HiddenServiceVersion 3' torrc directive along with the regular onion
-      service configuration options.
-
-      We will publish a blog post about this new feature soon! Enjoy!

changes/refactor-buffer

@@ -1,3 +0,0 @@
-  o Code simplification and refactoring:
-    - Split the portions of the buffer.c module that handle particular
-      protocols into separate modules. Part of ticket 23149.

changes/ticket12541

@@ -1,23 +0,0 @@
-  o Major feature (scheduler, channel):
-    - Introducing the KIST scheduler which stands for Kernel Informed Socket
-      Transport. It is only available on Linux systems. This comes from a
-      researched and published paper you can find here:
-
-      http://www.robgjansen.com/publications/kist-sec2014.pdf
-      https://arxiv.org/abs/1709.01044
-
-      This is also a major refactoring of the entire scheduler subsystem in
-      order for it to be more modular and thus much more easier to add more
-      scheduler type later. The current scheduler has been named "Vanilla" but
-      we favor KIST if available in this version.
-
-      A new torrc option has been added and named "Schedulers type1,type2,..."
-      which allows a user to select which scheduler type it wants tor to use.
-      It is also possible to change it at runtime. It is an ordered list by
-      priority. KIST might not be available on all platforms so there is a
-      fallback to "KISTLite" that uses the same mechanisms but without the
-      kernel support.
-
-      The current default values are: Schedulers KIST,KISTLite,Vanilla.
-
-      Closes ticket 12541.

changes/ticket20488

@@ -1,5 +0,0 @@
-  o Minor features (logging, UI):
-    - Improve the warning message for specifying a relay by nickname.
-      The previous message implied that nickname registration was still
-      part of the Tor network design, which it isn't. Closes ticket 20488.
-

changes/ticket20575

@@ -1,4 +0,0 @@
-  o Deprecated features:
-    - Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They only
-      applies to direct unencrypted HTTP connections to your directory server,
-      which your Tor probably isn't using. Closes ticket 20575.

changes/ticket21031

@@ -1,5 +0,0 @@
-  o Removed features:
-    - The ClientDNSRejectInternalAddresses flag can no longer be set on
-      non-testing networks. It has been deprecated since 0.2.9.2-alpha.
-      Closes ticket 21031.
-

changes/ticket22215

@@ -1,5 +0,0 @@
-  o Code simplification and refactoring:
-    - Remove some of the code that once supported "Named" and "Unnamed"
-      routers.  Authorities no longer vote for these flags. Closes ticket
-      22215.
-

changes/ticket22281

@@ -1,3 +0,0 @@
-  o Minor features (bug detection):
-    - Log a warning message, with stack trace, for any attempt to call
-      get_options() during option validation. Closes ticket 22281.

changes/ticket22311

@@ -1,3 +0,0 @@
-  o Code simplification and refactoring:
-    - Remove several now-obsolete functions for asking about old variants
-      directory authority status. Closes ticket 22311; patch from "huyvq".

changes/ticket22377

@@ -1,4 +0,0 @@
-  o Removed features:
-    - The controller API no longer includes an AUTHDIR_NEWDESCS event:
-      nobody was using it any longer. Closes ticket 22377.
-

changes/ticket22437

@@ -1,4 +0,0 @@
-  o Testing:
-    - The default chutney network tests now include tests for the
-      v3 hidden service design. Make sure you have the latest
-      version of chutney if you want to run these. Closes ticket 22437.

changes/ticket22521

@@ -1,3 +0,0 @@
-  o Code simplification and refactoring:
-    - Replace our STRUCT_OFFSET() macro with offsetof(). Closes
-      ticket 22521. Patch from Neel Chauhan.

changes/ticket22608

@@ -1,6 +0,0 @@
-  o Code simplification and refactoring:
-    - Extract the code for handling newly-open channels into a separate
-      function from the general code to handle channel state transitions.
-      This change simplifies our callgraph, reducing the size of the largest
-      strongly connected component by roughly a factor of two.
-      Closes ticket 22608

changes/ticket22684

@@ -1,5 +0,0 @@
-  o Minor features (control):
-    - Add GETINFO desc/download-enabled and md/download-enabled, to
-      inform the controller whether try to download router descriptors
-      and microdescriptors respectively. Closes ticket 22684.
-

changes/ticket22804

@@ -1,4 +0,0 @@
-  o Code simplification and refactoring:
-
-    - Split the enormous circuit_send_next_onion_skin() function into
-      multiple subfunctions. Closes ticket 22804.

changes/ticket22895

@@ -1,3 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Fix unused variable warnings in donna's Curve25519 SSE2 code.
-      Fixes bug 22895; bugfix on 0.2.7.2-alpha.