diff --git a/ChangeLog b/ChangeLog index 566da0478d..73403a1780 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,357 @@ +Changes in version 0.3.2.1-alpha - 2017-09-18 + BLURB + + Below are the changes since Tor 0.3.1.7. + + o Major feature (scheduler, channel): + - Introducing the KIST scheduler which stands for Kernel Informed + Socket Transport. It is only available on Linux systems. This + comes from a researched and published paper you can find + here: http://www.robgjansen.com/publications/kist-sec2014.pdf + https://arxiv.org/abs/1709.01044 This is also a major refactoring + of the entire scheduler subsystem in order for it to be more + modular and thus much more easier to add more scheduler type + later. The current scheduler has been named "Vanilla" but we favor + KIST if available in this version. A new torrc option has been + added and named "Schedulers type1,type2,..." which allows a user + to select which scheduler type it wants tor to use. It is also + possible to change it at runtime. It is an ordered list by + priority. KIST might not be available on all platforms so there is + a fallback to "KISTLite" that uses the same mechanisms but without + the kernel support. The current default values are: Schedulers + KIST,KISTLite,Vanilla. Closes ticket 12541. + + o Major features (next-generation onion services): + - Tor now supports the next-generation onion services protocol for + clients and services! As part of this release, the core of + proposal 224 has been implemented and is available for + experimentation and testing by our users. This newer version of + onion services (v3) features various improvements over the legacy + system: a) Better crypto (replaced SHA1/DH/RSA1024 with + SHA3/ed25519/curve25519) b) Improved directory protocol leaking + less to directory servers. c) Improved directory protocol with + smaller surface for targeted attacks. d) Better onion address + security against impersonation. e) More extensible + introduction/rendezvous protocol. f) A cleaner and more modular + codebase. Furthermore, as part of this update, onion addresses + increase in length and are now 56 characters long: + 4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion In + the future, we will be releasing more options and features but we + first need a testing period, so that the current codebase matures + and becomes more robust. Here are some of the features we have + planned: 1) Offline keys for onion services 2) Advanced client + authorization for onion services 3) Improved guard algorithm for + onion services 4) Next-gen onion service statistics Please see our + proposal for more details: + https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt + The default version for onion services remains v2 (the legacy + system) until this new codebase gets tested and hardened. Service + operators who want to experiment with the new system can use the + 'HiddenServiceVersion 3' torrc directive along with the regular + onion service configuration options. We will publish a blog post + about this new feature soon! Enjoy! + + o Major bugfixes (usability, control port): + - Report trusted clock skew indications as bootstrap errors, so + controllers can more easily alert users. Fixes bug 23506; bugfix + on 0.1.2.6-alpha. + + o Minor features (bug detection): + - Log a warning message, with stack trace, for any attempt to call + get_options() during option validation. Closes ticket 22281. + + o Minor features (client directory bandwidth tuning): + - When downloading (micro)descriptors, don't split the list of + descriptors into multiple requests unless there are at least 32 + descriptors that we want. Previously, we split at 4, not 32, which + could lead to significant overhead in HTTP request size and + degradation in compression performance. Closes ticket 23220. + + o Minor features (client): + - You can now use Tor as a tunneled HTTP proxy: use the + HTTPTunnelPort option to open a port that accepts HTTP CONNECT + requests. Closes ticket 22407. + + o Minor features (client, entry guards): + - Add an extra check to make sure that we always use the new guard + selection code for picking our guards. Closes ticket 22779. + + o Minor features (command line): + - Add a new commandline option, --key-expiration, which prints when + the current signing key is going to expire. Implements ticket + 17639; patch by Isis Lovecruft. + + o Minor features (control port): + - If the control port is used as the HTTP proxy, responds with a + meaningful "This is the Tor control port" message, and log the + event. Closes ticket 1667. Patch from Ravi Chandra Padmala. + - Provide better error message for GETINFO desc/(id|name) when + microdescriptors are in use and router descriptors are not + fetched. Closes ticket 5847. Patch by Kevin Butler. + + o Minor features (control): + - Add GETINFO desc/download-enabled and md/download-enabled, to + inform the controller whether try to download router descriptors + and microdescriptors respectively. Closes ticket 22684. + + o Minor features (controller): + - Added new GETINFO targets ip-to-country/{ipv4,ipv6}-available, so + controllers can tell whether the geoip databases are loaded. + Closes ticket 23237. + - Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth + events. Closes ticket 19254. Patch by "DonnchaC". + + o Minor features (development support): + - Developers can now generate a call-graph for Tor using the + "calltool" python program, which post-processes object dumps. It + should work okay on many Linux and OSX platforms, and might work + elsewhere too. To run this, install calltool from + https://gitweb.torproject.org/user/nickm/calltool.git and run + "make callgraph". Closes ticket 19307. + + o Minor features (ed25519): + - Add validation function to checks for torsion components in + ed25119 public keys, used by prop224 client-side code. Closes + ticket 22006. Math help by Ian Goldberg. + + o Minor features (exit relay, DNS): + - Improve the clarity and safety of the log message from evdns when + receiving an apparent spoofed DNS reply. Closes ticket 3056. + + o Minor features (integration, hardening): + - Added a new NoExec option, to prevent Tor from running other + programs. When this option is set to 1, Tor will never try to run + another program, regardless of the settings of + PortForwardingHelper, ClientTransportPlugin, or + ServerTransportPlugin. Once NoExec is set, it cannot be disabled + without restarting Tor. Closes ticket 22976. + + o Minor features (linux seccomp2 sandbox): + - If the sandbox filter fails to load, suggest to the user that + their kernel might not support seccomp2. Closes ticket 23090. + + o Minor features (logging, UI): + - Improve the warning message for specifying a relay by nickname. + The previous message implied that nickname registration was still + part of the Tor network design, which it isn't. Closes + ticket 20488. + + o Minor features (portability): + - Check at configure time whether uint8_t is unsigned char. Lots of + existing code already assumes this, and there could be strict + aliasing issues if they aren't the same type. Closes ticket 22410. + + o Minor features (relay, configuration): + - Reject attempts to use relative file paths when RunAsDaemon is + set. Previously, Tor would accept these, but the directory- + changing step of RunAsDaemon would give strange and/or confusing + results. Closes ticket 22731. + + o Minor features (startup, safety): + - When configured to write a PID file, Tor now exits if it is unable + to do so. Previously, it would warn and continue. Closes + ticket 20119. + + o Minor features (static analysis): + - The BUG() macro has been changed slightly so that Coverity no + longer complains about dead code if the bug is impossible. Closes + ticket 23054. + + o Minor features (testing): + - Add a unit test to verify that we can parse a hardcoded v2 hidden + service descriptor. Closes ticket 15554. + + o Minor bugfix (relay address resolution): + - Avoid unnecessary calls to directory_fetches_from_authorities() on + relays. This avoids spurious address resolutions and descriptor + rebuilds. This is a mitigation for bug 21789. Fixes bug 23470; + bugfix on in 0.2.8.1-alpha. + + o Minor bugfixes (certificate handling): + - Fix a time handling bug in Tor certificates set to expire after + the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. Found by + Coverity as CID 1415728. + + o Minor bugfixes (circuit logging): + - torspec says hop counts are 1-based, so fix two log messages that + mistakenly logged 0-based hop counts. Fixes bug 18982; bugfix on + 0.2.6.2-alpha and 0.2.4.5-alpha. Patch by teor. Credit to Xiaofan + Li for reporting this issue. + + o Minor bugfixes (client, usability): + - Refrain from needlessly rejecting SOCKS5-with-hostnames and + SOCKS4a requests that contain IP address strings, even when + SafeSocks in enabled, as this prevents user from connecting to + known IP addresses without relying on DNS for resolving. SafeSocks + still rejects SOCKS connections that connect to IP addresses when + those addresses are _not_ encoded as hostnames. Fixes bug 22461; + bugfix on Tor 0.2.6.2-alpha. + + o Minor bugfixes (code correctness): + - Call htons() in extend_cell_format() for encoding a 16-bit value. + Previously we used ntohs(), which happens to behave the same on + all the platforms we support, but which isn't really correct. + Fixes bug 23106; bugfix on 0.2.4.8-alpha. + + o Minor bugfixes (compilation): + - Fix unused variable warnings in donna's Curve25519 SSE2 code. + Fixes bug 22895; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (consensus expiry): + - Tor would reconsider updating its directory information every 2 + minutes instead of only doing it for a consensus that is more than + 24 hours old (badly expired). This specific check is done in the + tor main loop callback that validates if we have an expired + consensus. Fixes bug 23091; bugfix on 0.2.0.19-alpha. + + o Minor bugfixes (correctness, controller): + - Make the controller's write_escaped_data() function robust to + extremely long inputs. Right now, it doesn't actually receive any + extremely long inputs, so this is for defense in depth. Fixes bug + 19281; bugfix on 0.1.1.1-alpha. Reported by Guido Vranken. + + o Minor bugfixes (crypto): + - Properly detect and refuse to blind bad ed25519 keys. The key + blinding code is currently unused, so this bug does not affect tor + clients or services on the network. Fixes bug 22746; bugfix + on 0.2.6.1-alpha. + + o Minor bugfixes (directories): + - Directory servers now include a "Date:" http header for response + codes other than 200. Clients starting with a skewed clock and a + recent consensus were getting "304 Not modified" responses from + directory authorities, so without a Date header the client would + never hear about a wrong clock. Fixes bug 23499; bugfix + on 0.0.8rc1. + + o Minor bugfixes (directory downloads): + - Make clients wait for 6 seconds before trying to download their + consensus from an authority. Fixes bug 17750; bugfix + on 0.2.8.1-alpha. + + o Minor bugfixes (DoS-resistance): + - If future code asks if there are any running bridges, without + checking if bridges are enabled, log a BUG warning rather than + crashing. Fixes bug 23524; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (format strictness): + - Restrict several data formats to decimal. Previously, the + BuildTimeHistogram entries in the state file, the "bw=" entries in + the bandwidth authority file, and process IDs passed to the + __OwningControllerProcess option could all be specified in hex or + octal as well as in decimal. This was not an intentional feature. + Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha, + and 0.2.2.28-beta. + + o Minor bugfixes (heartbeat): + - If we fail to write a heartbeat message, schedule a retry for the + minimum heartbeat interval number of seconds in the future. Fixes + bug 19476; bugfix on 0.2.3.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox, logging): + - Fix some messages on unexpected errors from the seccomp2 library. + Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch from "cypherpunks". + + o Minor bugfixes (logging): + - Remove duplicate log messages regarding opening non-local + SocksPorts upon parsing config and opening listeners at startup. + Fixes bug 4019; bugfix on 0.2.3.3-alpha. + - Use a more comprehensible log message when telling the user + they've excluded every running exit node. Fixes bug 7890; bugfix + on 0.2.2.25-alpha. + - When logging the number of descriptors we intend to download per + directory request, do not log a number higher than then the number + of descriptors we're fetching in total. Fixes bug 19648; bugfix + on 0.1.1.8-alpha. + - When warning about a directory owned by the wrong user, log the + actual name of the user owning the directory. Previously, we'd log + the name of the process owner twice. Fixes bug 23487; bugfix + on 0.2.9.1-alpha. + + o Minor bugfixes (portability): + - Stop using the PATH_MAX variable. The variable is not defined in + GNU Hurd which prevents Tor from being built. Fixes bug 23098; + bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (relay): + - When uploading our descriptor for the first time after startup, + report the reason for uploading as "Tor just started" rather than + leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha. + + o Minor bugfixes (test): + - Fix a broken unit test for the OutboundAddress option: the parsing + function was never returning an error on failure. Fixes bug 23366; + bugfix on 0.3.0.3-alpha. + + o Minor bugfixes (tests): + - Fix a signed-integer overflow in the unit tests for + dir/download_status_random_backoff, which was untriggered until we + fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (usability, control port): + - Stop making an unnecessary routerlist check in NETINFO clock skew + detection; this was preventing clients from reporting NETINFO clock + skew to controllers. Fixes bug 23532; bugfix on 0.2.4.4-alpha. + + o Code simplification and refactoring: + - Extract the code for handling newly-open channels into a separate + function from the general code to handle channel state + transitions. This change simplifies our callgraph, reducing the + size of the largest strongly connected component by roughly a + factor of two. Closes ticket 22608 + - Remove dead code for largely unused statistics on the number of + times we've attempted various public key operations. Fixes bug + 19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft. + - Remove several now-obsolete functions for asking about old + variants directory authority status. Closes ticket 22311; patch + from "huyvq". + - Remove some of the code that once supported "Named" and "Unnamed" + routers. Authorities no longer vote for these flags. Closes + ticket 22215. + - Rename the obsolete malleable hybrid_encrypt functions used in TAP + and old hidden services to indicate that they aren't suitable for + new protocols or formats. Closes ticket 23026. + - Replace our STRUCT_OFFSET() macro with offsetof(). Closes ticket + 22521. Patch from Neel Chauhan. + - Split the enormous circuit_send_next_onion_skin() function into + multiple subfunctions. Closes ticket 22804. + - Split the portions of the buffer.c module that handle particular + protocols into separate modules. Part of ticket 23149. + - Use our test macros more consistently, to produce more useful + error messages when our unit tests fail. Add coccinelle patches to + allow us to re-check for test macro uses. Closes ticket 22497. + + o Deprecated features: + - Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They + only applies to direct unencrypted HTTP connections to your + directory server, which your Tor probably isn't using. Closes + ticket 20575. + + o Documentation: + - Clarify in the manual that "Sandbox 1" is only supported on Linux + kernels. Closes ticket 22677. + - Document all values of PublishServerDescriptor in the manpage. + Closes ticket 15645. + - Improve the documentation for the directory port part of the + DirAuthority line. Closes ticket 20152. + - Restore documentation for the authorities' "approved-routers" + file. Closes ticket 21148. + + o Removed features: + - The AllowDotExit option has been removed as unsafe. It has been + deprecated since 0.2.9.2-alpha. Closes ticket 23426. + - The ClientDNSRejectInternalAddresses flag can no longer be set on + non-testing networks. It has been deprecated since 0.2.9.2-alpha. + Closes ticket 21031. + - The controller API no longer includes an AUTHDIR_NEWDESCS event: + nobody was using it any longer. Closes ticket 22377. + + o Testing: + - The default chutney network tests now include tests for the v3 + hidden service design. Make sure you have the latest version of + chutney if you want to run these. Closes ticket 22437. + + Changes in version 0.2.8.15 - 2017-09-18 Tor 0.2.8.15 backports a collection of bugfixes from later Tor series. diff --git a/changes/15554 b/changes/15554 deleted file mode 100644 index c7ae7e5579..0000000000 --- a/changes/15554 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (testing): - - Add a unit test to verify that we can parse a hardcoded v2 - hidden service descriptor. Closes ticket 15554. - diff --git a/changes/19307 b/changes/19307 deleted file mode 100644 index 35f323f1b0..0000000000 --- a/changes/19307 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (development support): - - Developers can now generate a call-graph for Tor using the - "calltool" python program, which post-processes object dumps. It - should work okay on many Linux and OSX platforms, and might work - elsewhere too. To run this, install calltool from - https://gitweb.torproject.org/user/nickm/calltool.git and run - "make callgraph". Closes ticket 19307. diff --git a/changes/21148 b/changes/21148 deleted file mode 100644 index 4e3c332279..0000000000 --- a/changes/21148 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Restore documentation for the authorities' "approved-routers" file. - Closes ticket 21148. - diff --git a/changes/bug15645 b/changes/bug15645 deleted file mode 100644 index 781d20e092..0000000000 --- a/changes/bug15645 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Document all values of PublishServerDescriptor in the manpage. - Closes ticket 15645. diff --git a/changes/bug1667 b/changes/bug1667 deleted file mode 100644 index 368f9e35b2..0000000000 --- a/changes/bug1667 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (control port): - - If the control port is used as the HTTP proxy, responds with - a meaningful "This is the Tor control port" message, and log - the event. Closes ticket 1667. Patch from Ravi Chandra Padmala. diff --git a/changes/bug17639 b/changes/bug17639 deleted file mode 100644 index be69edbc78..0000000000 --- a/changes/bug17639 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (command line): - - Add a new commandline option, --key-expiration, which prints when - the current signing key is going to expire. Implements ticket - 17639; patch by Isis Lovecruft. diff --git a/changes/bug17750 b/changes/bug17750 deleted file mode 100644 index c5894a9713..0000000000 --- a/changes/bug17750 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (directory downloads): - - Make clients wait for 6 seconds before trying to download their - consensus from an authority. - Fixes bug 17750; bugfix on 0.2.8.1-alpha. diff --git a/changes/bug18982 b/changes/bug18982 deleted file mode 100644 index bfcae4fb5e..0000000000 --- a/changes/bug18982 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (circuit logging): - - torspec says hop counts are 1-based, so fix two log messages - that mistakenly logged 0-based hop counts. - Fixes bug 18982; bugfix on 0.2.6.2-alpha - and 0.2.4.5-alpha. Patch by teor. - Credit to Xiaofan Li for reporting this issue. diff --git a/changes/bug19281 b/changes/bug19281 deleted file mode 100644 index 1586ba34f3..0000000000 --- a/changes/bug19281 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (correctness, controller): - - Make the controller's write_escaped_data() function robust to extremely - long inputs. Right now, it doesn't actually receive any extremely - long inputs, so this is for defense in depth. Fixes bug 19281; - bugfix on 0.1.1.1-alpha. Reported by Guido Vranken. diff --git a/changes/bug19476 b/changes/bug19476 deleted file mode 100644 index dbde485b30..0000000000 --- a/changes/bug19476 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (heartbeat): - - If we fail to write a heartbeat message, schedule a retry for the minimum - heartbeat interval number of seconds in the future. Fixes bug 19476; - bugfix on 0.2.3.1-alpha. diff --git a/changes/bug19648 b/changes/bug19648 deleted file mode 100644 index e8c2a6a094..0000000000 --- a/changes/bug19648 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging): - - When logging the number of descriptors we intend to download per - directory request, do not log a number higher than then the - number of descriptors we're fetching in total. Fixes bug 19648; - bugfix on 0.1.1.8-alpha. diff --git a/changes/bug19871 b/changes/bug19871 deleted file mode 100644 index 4c4fbfa9e9..0000000000 --- a/changes/bug19871 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - Remove dead code for largely unused statistics on the number of - times we've attempted various public key operations. Fixes bug - 19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft. diff --git a/changes/bug22006 b/changes/bug22006 deleted file mode 100644 index 8b6f128b95..0000000000 --- a/changes/bug22006 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (ed25519): - - Add validation function to checks for torsion components in ed25119 - public keys, used by prop224 client-side - code. Closes ticket 22006. Math help by Ian Goldberg. diff --git a/changes/bug22410 b/changes/bug22410 deleted file mode 100644 index ee5fc68f33..0000000000 --- a/changes/bug22410 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (portability): - - Check at configure time whether uint8_t is unsigned char. Lots - of existing code already assumes this, and there could be strict - aliasing issues if they aren't the same type. Closes ticket 22410. diff --git a/changes/bug22461 b/changes/bug22461 deleted file mode 100644 index 3fd5e2164c..0000000000 --- a/changes/bug22461 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (client, usability): - - Refrain from needlessly rejecting SOCKS5-with-hostnames and SOCKS4a - requests that contain IP address strings, even when SafeSocks in - enabled, as this prevents user from connecting to known IP addresses - without relying on DNS for resolving. SafeSocks still rejects SOCKS - connections that connect to IP addresses when those addresses are _not_ - encoded as hostnames. Fixes bug 22461; bugfix on Tor 0.2.6.2-alpha. diff --git a/changes/bug22497 b/changes/bug22497 deleted file mode 100644 index 8cde87ff79..0000000000 --- a/changes/bug22497 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - Use our test macros more consistently, to produce more useful - error messages when our unit tests fail. Add coccinelle patches - to allow us to re-check for test macro uses. Closes ticket 22497. diff --git a/changes/bug22677 b/changes/bug22677 deleted file mode 100644 index 6d750172a9..0000000000 --- a/changes/bug22677 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Clarify in the manual that "Sandbox 1" is only supported on Linux - kernels. Closes ticket 22677. diff --git a/changes/bug22731 b/changes/bug22731 deleted file mode 100644 index acb65d56e5..0000000000 --- a/changes/bug22731 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (relay, configuration): - - Reject attempts to use relative file paths when RunAsDaemon is set. - Previously, Tor would accept these, but the directory-changing step - of RunAsDaemon would give strange and/or confusing results. - Closes ticket 22731. diff --git a/changes/bug22746 b/changes/bug22746 deleted file mode 100644 index b036460c30..0000000000 --- a/changes/bug22746 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (crypto): - - Properly detect and refuse to blind bad ed25519 keys. The key blinding - code is currently unused, so this bug does not affect tor clients or - services on the network. Fixes bug 22746; bugfix on 0.2.6.1-alpha. diff --git a/changes/bug22750 b/changes/bug22750 deleted file mode 100644 index 426cae6f1e..0000000000 --- a/changes/bug22750 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox, logging): - - Fix some messages on unexpected errors from the seccomp2 - library. Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch - from "cypherpunks". - diff --git a/changes/bug22779 b/changes/bug22779 deleted file mode 100644 index dc5bc3859c..0000000000 --- a/changes/bug22779 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (client, entry guards): - - Add an extra check to make sure that we always use the - new guard selection code for picking our guards. Closes - ticket 22779. diff --git a/changes/bug22802 b/changes/bug22802 deleted file mode 100644 index 7255164fd4..0000000000 --- a/changes/bug22802 +++ /dev/null @@ -1,10 +0,0 @@ - o Minor bugfixes (format strictness): - - Restrict several data formats to decimal. Previously, the - BuildTimeHistogram entries in the state file, the "bw=" entries in the - bandwidth authority file, and process IDs passed to the - __OwningControllerProcess option could all be specified in hex or octal - as well as in decimal. This was not an intentional feature. - Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha, and - 0.2.2.28-beta. - - diff --git a/changes/bug22885 b/changes/bug22885 deleted file mode 100644 index d95e879eb8..0000000000 --- a/changes/bug22885 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (relay): - - When uploading our descriptor for the first time after startup, - report the reason for uploading as "Tor just started" rather than - leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha. - diff --git a/changes/bug22924 b/changes/bug22924 deleted file mode 100644 index 6d05f51cf9..0000000000 --- a/changes/bug22924 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (tests): - - Fix a signed-integer overflow in the unit tests for - dir/download_status_random_backoff, which was untriggered until we - fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug23026 b/changes/bug23026 deleted file mode 100644 index b00745cfa3..0000000000 --- a/changes/bug23026 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - Rename the obsolete malleable hybrid_encrypt functions used in - TAP and old hidden services to indicate that they aren't suitable - for new protocols or formats. Closes ticket 23026. diff --git a/changes/bug23054 b/changes/bug23054 deleted file mode 100644 index 39006cd807..0000000000 --- a/changes/bug23054 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (static analysis): - - The BUG() macro has been changed slightly so that Coverity no - longer complains about dead code if the bug is impossible. Closes - ticket 23054. diff --git a/changes/bug23055 b/changes/bug23055 deleted file mode 100644 index eee1397c13..0000000000 --- a/changes/bug23055 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (certificate handling): - - Fix a time handling bug in Tor certificates set to expire after - the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. - Found by Coverity as CID 1415728. diff --git a/changes/bug23091 b/changes/bug23091 deleted file mode 100644 index 6e2acf53c0..0000000000 --- a/changes/bug23091 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (consensus expiry): - - Tor would reconsider updating its directory information every 2 minutes - instead of only doing it for a consensus that is more than 24 hours old - (badly expired). This specific check is done in the tor main loop - callback that validates if we have an expired consensus. Fixes bug - 23091; bugfix on 0.2.0.19-alpha. diff --git a/changes/bug23098 b/changes/bug23098 deleted file mode 100644 index 2075f13ba7..0000000000 --- a/changes/bug23098 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (portability): - - Stop using the PATH_MAX variable. The variable is not defined in - GNU Hurd which prevents Tor from being built. Fixes bug 23098; - bugfix on 0.3.1.1-alpha. diff --git a/changes/bug23106 b/changes/bug23106 deleted file mode 100644 index d4ced15f82..0000000000 --- a/changes/bug23106 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (code correctness): - - Call htons() in extend_cell_format() for encoding a 16-bit - value. Previously we used ntohs(), which happens to behave the - same on all the platforms we support, but which isn't really - correct. Fixes bug 23106; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug23220 b/changes/bug23220 deleted file mode 100644 index 9c2efc959a..0000000000 --- a/changes/bug23220 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (client directory bandwidth tuning): - - - When downloading (micro)descriptors, don't split the list of - descriptors into multiple requests unless there are at least 32 - descriptors that we want. Previously, we split at 4, not 32, which - could lead to significant overhead in HTTP request size and - degradation in compression performance. Closes ticket 23220. diff --git a/changes/bug23366 b/changes/bug23366 deleted file mode 100644 index c7e0fdf2ba..0000000000 --- a/changes/bug23366 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (test): - - Fix a broken unit test for the OutboundAddress option: the parsing - function was never returning an error on failure. Fixes bug 23366; - bugfix on 0.3.0.3-alpha. diff --git a/changes/bug23426 b/changes/bug23426 deleted file mode 100644 index 63c127c539..0000000000 --- a/changes/bug23426 +++ /dev/null @@ -1,4 +0,0 @@ - o Removed features: - - The AllowDotExit option has been removed as unsafe. It has - been deprecated since 0.2.9.2-alpha. Closes ticket 23426. - diff --git a/changes/bug23470 b/changes/bug23470 deleted file mode 100644 index d5b345b725..0000000000 --- a/changes/bug23470 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfix (relay address resolution): - - Avoid unnecessary calls to directory_fetches_from_authorities() - on relays. This avoids spurious address resolutions and - descriptor rebuilds. This is a mitigation for bug 21789. - Fixes bug 23470; bugfix on in 0.2.8.1-alpha. diff --git a/changes/bug23487 b/changes/bug23487 deleted file mode 100644 index 89b55c243a..0000000000 --- a/changes/bug23487 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging): - - When warning about a directory owned by the wrong user, log the actual - name of the user owning the directory. Previously, we'd log the name - of the process owner twice. Fixes bug 23487; bugfix on 0.2.9.1-alpha. - diff --git a/changes/bug23499 b/changes/bug23499 deleted file mode 100644 index 28ae57aae1..0000000000 --- a/changes/bug23499 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (directories): - - Directory servers now include a "Date:" http header for response - codes other than 200. Clients starting with a skewed clock and a - recent consensus were getting "304 Not modified" responses from - directory authorities, so without a Date header the client would - never hear about a wrong clock. Fixes bug 23499; bugfix on 0.0.8rc1. diff --git a/changes/bug23506 b/changes/bug23506 deleted file mode 100644 index f2efad4e7e..0000000000 --- a/changes/bug23506 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (usability, control port): - - Report trusted clock skew indications as bootstrap errors, so - controllers can more easily alert users. Fixes bug 23506; - bugfix on 0.1.2.6-alpha. diff --git a/changes/bug23524 b/changes/bug23524 deleted file mode 100644 index 500520e72f..0000000000 --- a/changes/bug23524 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (DoS-resistance): - - If future code asks if there are any running bridges, without checking - if bridges are enabled, log a BUG warning rather than crashing. - Fixes bug 23524; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug23532 b/changes/bug23532 deleted file mode 100644 index 3eb2345cea..0000000000 --- a/changes/bug23532 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (usability, control port): - - Stop making an unnecessary routerlist check in NETINFO clock - skew detection; this was preventing clients from reporting - NETINFO clock skew to controllers. Fixes bug 23532; bugfix on - 0.2.4.4-alpha. diff --git a/changes/bug3056 b/changes/bug3056 deleted file mode 100644 index 1e9b9f9b43..0000000000 --- a/changes/bug3056 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (exit relay, DNS): - - Improve the clarity and safety of the log message from evdns when - receiving an apparent spoofed DNS reply. Closes ticket 3056. diff --git a/changes/bug4019 b/changes/bug4019 deleted file mode 100644 index 559c73b703..0000000000 --- a/changes/bug4019 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging): - - Remove duplicate log messages regarding opening non-local SocksPorts - upon parsing config and opening listeners at startup. Fixes bug 4019; - bugfix on 0.2.3.3-alpha. diff --git a/changes/bug5847 b/changes/bug5847 deleted file mode 100644 index 782fc7b721..0000000000 --- a/changes/bug5847 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (control port): - - Provide better error message for GETINFO desc/(id|name) when - microdescriptors are in use and router descriptors are not fetched. - Closes ticket 5847. Patch by Kevin Butler. - diff --git a/changes/bug7890 b/changes/bug7890 deleted file mode 100644 index 1daec58ae2..0000000000 --- a/changes/bug7890 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging): - - Use a more comprehensible log message when telling the user they've - excluded every running exit node. Fixes bug 7890; bugfix on - 0.2.2.25-alpha. diff --git a/changes/doc20152 b/changes/doc20152 deleted file mode 100644 index 8b044e56df..0000000000 --- a/changes/doc20152 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Improve the documentation for the directory port part of the - DirAuthority line. Closes ticket 20152. diff --git a/changes/feature19254 b/changes/feature19254 deleted file mode 100644 index 598ecc88dd..0000000000 --- a/changes/feature19254 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (controller): - - Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth - events. Closes ticket 19254. Patch by "DonnchaC". diff --git a/changes/feature20119_1 b/changes/feature20119_1 deleted file mode 100644 index 69914f210b..0000000000 --- a/changes/feature20119_1 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (startup, safety): - - When configured to write a PID file, Tor now exits if it is unable to - do so. Previously, it would warn and continue. Closes ticket 20119. diff --git a/changes/feature22407 b/changes/feature22407 deleted file mode 100644 index aec6c15f46..0000000000 --- a/changes/feature22407 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (client): - - You can now use Tor as a tunneled HTTP proxy: use the HTTPTunnelPort - option to open a port that accepts HTTP CONNECT requests. - Closes ticket 22407. - diff --git a/changes/feature22976 b/changes/feature22976 deleted file mode 100644 index 407fd15b0a..0000000000 --- a/changes/feature22976 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features (integration, hardening): - - Added a new NoExec option, to prevent Tor from running - other programs. When this option is set to 1, - Tor will never try to run another program, regardless of - the settings of PortForwardingHelper, ClientTransportPlugin, - or ServerTransportPlugin. Once NoExec is set, it cannot be - disabled without restarting Tor. - Closes ticket 22976. diff --git a/changes/feature23090 b/changes/feature23090 deleted file mode 100644 index 44cdac5ca1..0000000000 --- a/changes/feature23090 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (linux seccomp2 sandbox): - - If the sandbox filter fails to load, suggest to the user that their - kernel might not support seccomp2. Closes ticket 23090. diff --git a/changes/feature23237 b/changes/feature23237 deleted file mode 100644 index 261577261c..0000000000 --- a/changes/feature23237 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (controller): - - Added new GETINFO targets ip-to-country/{ipv4,ipv6}-available, so - controllers can tell whether the geoip databases are loaded. - Closes ticket 23237. diff --git a/changes/prop224 b/changes/prop224 deleted file mode 100644 index 9401ff7835..0000000000 --- a/changes/prop224 +++ /dev/null @@ -1,36 +0,0 @@ - o Major features (next-generation onion services): - - Tor now supports the next-generation onion services protocol for clients - and services! As part of this release, the core of proposal 224 has been - implemented and is available for experimentation and testing by our - users. This newer version of onion services (v3) features various - improvements over the legacy system: - a) Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519) - b) Improved directory protocol leaking less to directory servers. - c) Improved directory protocol with smaller surface for targeted attacks. - d) Better onion address security against impersonation. - e) More extensible introduction/rendezvous protocol. - f) A cleaner and more modular codebase. - - Furthermore, as part of this update, onion addresses increase in length - and are now 56 characters long: - 4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion - - In the future, we will be releasing more options and features but we - first need a testing period, so that the current codebase matures and - becomes more robust. Here are some of the features we have planned: - 1) Offline keys for onion services - 2) Advanced client authorization for onion services - 3) Improved guard algorithm for onion services - 4) Next-gen onion service statistics - - Please see our proposal for more details: - https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt - - The default version for onion services remains v2 (the legacy system) - until this new codebase gets tested and hardened. - - Service operators who want to experiment with the new system can use the - 'HiddenServiceVersion 3' torrc directive along with the regular onion - service configuration options. - - We will publish a blog post about this new feature soon! Enjoy! diff --git a/changes/refactor-buffer b/changes/refactor-buffer deleted file mode 100644 index 29e0bc3e8b..0000000000 --- a/changes/refactor-buffer +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring: - - Split the portions of the buffer.c module that handle particular - protocols into separate modules. Part of ticket 23149. diff --git a/changes/ticket12541 b/changes/ticket12541 deleted file mode 100644 index db6d2ad50b..0000000000 --- a/changes/ticket12541 +++ /dev/null @@ -1,23 +0,0 @@ - o Major feature (scheduler, channel): - - Introducing the KIST scheduler which stands for Kernel Informed Socket - Transport. It is only available on Linux systems. This comes from a - researched and published paper you can find here: - - http://www.robgjansen.com/publications/kist-sec2014.pdf - https://arxiv.org/abs/1709.01044 - - This is also a major refactoring of the entire scheduler subsystem in - order for it to be more modular and thus much more easier to add more - scheduler type later. The current scheduler has been named "Vanilla" but - we favor KIST if available in this version. - - A new torrc option has been added and named "Schedulers type1,type2,..." - which allows a user to select which scheduler type it wants tor to use. - It is also possible to change it at runtime. It is an ordered list by - priority. KIST might not be available on all platforms so there is a - fallback to "KISTLite" that uses the same mechanisms but without the - kernel support. - - The current default values are: Schedulers KIST,KISTLite,Vanilla. - - Closes ticket 12541. diff --git a/changes/ticket20488 b/changes/ticket20488 deleted file mode 100644 index ad1b874372..0000000000 --- a/changes/ticket20488 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (logging, UI): - - Improve the warning message for specifying a relay by nickname. - The previous message implied that nickname registration was still - part of the Tor network design, which it isn't. Closes ticket 20488. - diff --git a/changes/ticket20575 b/changes/ticket20575 deleted file mode 100644 index 6d9a5fc90d..0000000000 --- a/changes/ticket20575 +++ /dev/null @@ -1,4 +0,0 @@ - o Deprecated features: - - Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They only - applies to direct unencrypted HTTP connections to your directory server, - which your Tor probably isn't using. Closes ticket 20575. diff --git a/changes/ticket21031 b/changes/ticket21031 deleted file mode 100644 index 79ad5267b5..0000000000 --- a/changes/ticket21031 +++ /dev/null @@ -1,5 +0,0 @@ - o Removed features: - - The ClientDNSRejectInternalAddresses flag can no longer be set on - non-testing networks. It has been deprecated since 0.2.9.2-alpha. - Closes ticket 21031. - diff --git a/changes/ticket22215 b/changes/ticket22215 deleted file mode 100644 index 3ede7ca9e5..0000000000 --- a/changes/ticket22215 +++ /dev/null @@ -1,5 +0,0 @@ - o Code simplification and refactoring: - - Remove some of the code that once supported "Named" and "Unnamed" - routers. Authorities no longer vote for these flags. Closes ticket - 22215. - diff --git a/changes/ticket22281 b/changes/ticket22281 deleted file mode 100644 index 95787580ff..0000000000 --- a/changes/ticket22281 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (bug detection): - - Log a warning message, with stack trace, for any attempt to call - get_options() during option validation. Closes ticket 22281. diff --git a/changes/ticket22311 b/changes/ticket22311 deleted file mode 100644 index 0bfd465f83..0000000000 --- a/changes/ticket22311 +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring: - - Remove several now-obsolete functions for asking about old variants - directory authority status. Closes ticket 22311; patch from "huyvq". diff --git a/changes/ticket22377 b/changes/ticket22377 deleted file mode 100644 index 4f15c16204..0000000000 --- a/changes/ticket22377 +++ /dev/null @@ -1,4 +0,0 @@ - o Removed features: - - The controller API no longer includes an AUTHDIR_NEWDESCS event: - nobody was using it any longer. Closes ticket 22377. - diff --git a/changes/ticket22437 b/changes/ticket22437 deleted file mode 100644 index 8e4c9630c8..0000000000 --- a/changes/ticket22437 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing: - - The default chutney network tests now include tests for the - v3 hidden service design. Make sure you have the latest - version of chutney if you want to run these. Closes ticket 22437. diff --git a/changes/ticket22521 b/changes/ticket22521 deleted file mode 100644 index 15a6218fa7..0000000000 --- a/changes/ticket22521 +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring: - - Replace our STRUCT_OFFSET() macro with offsetof(). Closes - ticket 22521. Patch from Neel Chauhan. diff --git a/changes/ticket22608 b/changes/ticket22608 deleted file mode 100644 index 5aa9db27f1..0000000000 --- a/changes/ticket22608 +++ /dev/null @@ -1,6 +0,0 @@ - o Code simplification and refactoring: - - Extract the code for handling newly-open channels into a separate - function from the general code to handle channel state transitions. - This change simplifies our callgraph, reducing the size of the largest - strongly connected component by roughly a factor of two. - Closes ticket 22608 diff --git a/changes/ticket22684 b/changes/ticket22684 deleted file mode 100644 index f1d9d21abb..0000000000 --- a/changes/ticket22684 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (control): - - Add GETINFO desc/download-enabled and md/download-enabled, to - inform the controller whether try to download router descriptors - and microdescriptors respectively. Closes ticket 22684. - diff --git a/changes/ticket22804 b/changes/ticket22804 deleted file mode 100644 index a5d71c5120..0000000000 --- a/changes/ticket22804 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - - Split the enormous circuit_send_next_onion_skin() function into - multiple subfunctions. Closes ticket 22804. diff --git a/changes/ticket22895 b/changes/ticket22895 deleted file mode 100644 index a3f7b86019..0000000000 --- a/changes/ticket22895 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix unused variable warnings in donna's Curve25519 SSE2 code. - Fixes bug 22895; bugfix on 0.2.7.2-alpha.