mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
Run format_changelog
parent
e6d3836d96
commit
4c165aca04
558
ChangeLog
@ -1,168 +1,161 @@
|
|||||||
Changes in version 0.4.5.1-alpha - 2020-10-30
|
Changes in version 0.4.5.1-alpha - 2020-10-30
|
||||||
Tor 0.4.5.1-alpha is the first alpha release in the 0.4.5.x series.
|
Tor 0.4.5.1-alpha is the first alpha release in the 0.4.5.x series. It
|
||||||
It improves support for IPv6, address discovery and self-testing, code
|
improves support for IPv6, address discovery and self-testing, code
|
||||||
metrics and tracing.
|
metrics and tracing.
|
||||||
|
|
||||||
Here are the changes since 0.4.4.5.
|
Here are the changes since 0.4.4.5.
|
||||||
|
|
||||||
o Major features (IPv6, relay):
|
- The "optimistic data" feature is now always on; there is no longer
|
||||||
- The torrc option Address now supports IPv6. By doing so, we've also
|
an option to disable it from the torrc file or from the consensus
|
||||||
unified the interface to find our address to support IPv4, IPv6 and
|
directory. Closes part of 40139. - The "usecreatefast" network
|
||||||
hostname. Closes ticket 33233.
|
parameter is now removed; there is no longer an option for authorities
|
||||||
|
to turn it off. Closes part of 40139.
|
||||||
o Major features (relay, IPv6):
|
|
||||||
- Relays now automatically bind on IPv6 for their ORPort unless specified
|
|
||||||
otherwise with the IPv4Only flag. Closes ticket 33246.
|
|
||||||
|
|
||||||
o Major features (tracing):
|
|
||||||
- Add a tracing library with USDT and LTTng-UST support. Few tracepoints
|
|
||||||
were added in the circuit subsystem. More will come incrementally. This
|
|
||||||
feature is compiled out by default. It needs to be enabled at configure
|
|
||||||
time. See documentation in doc/HACKING/Tracing.md. Closes ticket 32910.
|
|
||||||
|
|
||||||
o Major features (IPv6, relay):
|
o Major features (IPv6, relay):
|
||||||
- Launch IPv4 and IPv6 ORPort self-test circuits on relays and bridges.
|
- The torrc option Address now supports IPv6. By doing so, we've
|
||||||
Closes ticket 33222.
|
also unified the interface to find our address to support IPv4,
|
||||||
|
IPv6 and hostname. Closes ticket 33233.
|
||||||
|
- Launch IPv4 and IPv6 ORPort self-test circuits on relays and
|
||||||
|
bridges. Closes ticket 33222.
|
||||||
|
|
||||||
o Major features (metrics):
|
o Major features (metrics):
|
||||||
- Introduce a new MetricsPort which exposes, through an HTTP GET /metrics, a
|
- Introduce a new MetricsPort which exposes, through an HTTP GET
|
||||||
series of metrics that tor collects at runtime. At the moment, the only
|
/metrics, a series of metrics that tor collects at runtime. At the
|
||||||
supported output format is Prometheus data model. Closes ticket 40063;
|
moment, the only supported output format is Prometheus data model.
|
||||||
|
Closes ticket 40063;
|
||||||
|
|
||||||
o Major features (relay self-testing, IPv6):
|
o Major features (relay self-testing, IPv6):
|
||||||
- Relays now track their IPv6 ORPort separately from the reachability of
|
- Relays now track their IPv6 ORPort separately from the reachability
|
||||||
their IPv4 ORPort. They will not publish a descriptor unless _both_
|
of their IPv4 ORPort. They will not publish a descriptor unless
|
||||||
ports appear to be externally reachable. Closes ticket 34067.
|
_both_ ports appear to be externally reachable. Closes
|
||||||
|
ticket 34067.
|
||||||
|
|
||||||
o Major features (relay, IPv6):
|
o Major features (relay, IPv6):
|
||||||
|
- Relays now automatically bind on IPv6 for their ORPort unless
|
||||||
|
specified otherwise with the IPv4Only flag. Closes ticket 33246.
|
||||||
- When a relay with IPv6 support opens a connection to another
|
- When a relay with IPv6 support opens a connection to another
|
||||||
relay, and the extend cell lists both IPv4 and IPv6 addresses, the
|
relay, and the extend cell lists both IPv4 and IPv6 addresses, the
|
||||||
first relay now picks randomly which address to use. Closes
|
first relay now picks randomly which address to use. Closes
|
||||||
ticket 33220.
|
ticket 33220.
|
||||||
|
|
||||||
|
o Major features (tracing):
|
||||||
|
- Add a tracing library with USDT and LTTng-UST support. Few
|
||||||
|
tracepoints were added in the circuit subsystem. More will come
|
||||||
|
incrementally. This feature is compiled out by default. It needs
|
||||||
|
to be enabled at configure time. See documentation in
|
||||||
|
doc/HACKING/Tracing.md. Closes ticket 32910.
|
||||||
|
|
||||||
o Major bugfix (TLS, buffer):
|
o Major bugfix (TLS, buffer):
|
||||||
- When attempting to read N bytes on a TLS connection, really try to read
|
- When attempting to read N bytes on a TLS connection, really try to
|
||||||
those N bytes. Before that, Tor would stop reading after the first TLS
|
read those N bytes. Before that, Tor would stop reading after the
|
||||||
record which can be smaller than N bytes even though more data was waiting
|
first TLS record which can be smaller than N bytes even though
|
||||||
on the TLS connection socket. The remaining data would have been read at
|
more data was waiting on the TLS connection socket. The remaining
|
||||||
the next mainloop event. Fixes bug 40006; bugfix on 0.1.0.5-rc.
|
data would have been read at the next mainloop event. Fixes bug
|
||||||
|
40006; bugfix on 0.1.0.5-rc.
|
||||||
|
|
||||||
o Minor features (address discovery):
|
o Minor features (address discovery):
|
||||||
- If no Address statements are found, relays now prioritize guessing their
|
- If no Address statements are found, relays now prioritize guessing
|
||||||
address by looking at the local interface instead of the local hostname.
|
their address by looking at the local interface instead of the
|
||||||
If the interface address can't be found, the local hostname is used.
|
local hostname. If the interface address can't be found, the local
|
||||||
Closes ticket 33238.
|
hostname is used. Closes ticket 33238.
|
||||||
|
|
||||||
|
o Minor features (admin tools):
|
||||||
|
- Add new --format argument to -key-expiration option to allow
|
||||||
|
specifying the time format of expiration date. Adds Unix timestamp
|
||||||
|
format support. Patch by Daniel Pinto. Closes ticket 30045.
|
||||||
|
|
||||||
|
o Minor features (authorities):
|
||||||
|
- Authorities now list a different set of protocols as required and
|
||||||
|
recommended. These lists are chosen so that only truly recommended
|
||||||
|
and/or required protocols are included, and so that clients using
|
||||||
|
0.2.9 or later will continue to work (even though they are not
|
||||||
|
supported), whereas only relays running 0.3.5 or later will meet
|
||||||
|
the requirements. Closes ticket 40162.
|
||||||
|
|
||||||
|
o Minor features (bootstrap reporting):
|
||||||
|
- When reporting bootstrapping status on a relay, do not consider
|
||||||
|
connections that have never been the target of an origin circuit.
|
||||||
|
Previously, all connection failures were treated as potential
|
||||||
|
bootstrapping failures, including those that had been opened
|
||||||
|
because of client requests. Closes ticket 25061.
|
||||||
|
|
||||||
|
o Minor features (build):
|
||||||
|
- If the configure script has given any warnings, remind the user
|
||||||
|
about them at the end of the script. Related to 40138.
|
||||||
|
- When running the configure script, try to detect version
|
||||||
|
mismatches between the openssl headers and libraries, and suggest
|
||||||
|
that the user should try "--with-openssl-dir". Closes 40138.
|
||||||
|
|
||||||
|
o Minor features (compilation):
|
||||||
|
- When building Tor, first link all object files into a single
|
||||||
|
static library. This may help with embedding Tor in other
|
||||||
|
programs. Note that most Tor functions do not constitute a part of
|
||||||
|
a stable or supported API: Only those functions in tor_api.h
|
||||||
|
should be used if embedding Tor. Closes ticket 40127.
|
||||||
|
|
||||||
o Minor features (configuration):
|
o Minor features (configuration):
|
||||||
- Allow the using wildcards (* and ?) with the %include option on
|
- Allow the using wildcards (* and ?) with the %include option on
|
||||||
configuration files. Closes ticket 25140. Patch by Daniel Pinto.
|
configuration files. Closes ticket 25140. Patch by Daniel Pinto.
|
||||||
- Allows configuration options EntryNodes, ExcludeNodes,
|
- Allows configuration options EntryNodes, ExcludeNodes,
|
||||||
ExcludeExitNodes, ExitNodes, MiddleNodes, HSLayer2Nodes and
|
ExcludeExitNodes, ExitNodes, MiddleNodes, HSLayer2Nodes and
|
||||||
HSLayer3Nodes to be specified multiple times. Closes ticket
|
HSLayer3Nodes to be specified multiple times. Closes ticket 28361.
|
||||||
28361. Patch by Daniel Pinto.
|
Patch by Daniel Pinto.
|
||||||
|
|
||||||
o Minor features (control port):
|
|
||||||
- Add a DROPTIMEOUTS control port command to drop circuit build timeout
|
|
||||||
history and reset the timeout. Closes ticket 40002.
|
|
||||||
|
|
||||||
o Minor features (directory authorities):
|
|
||||||
- Create new consensus method that removes the unecessary = padding
|
|
||||||
from ntor-onion-key. Closes ticket 7869. Patch by Daniel Pinto.
|
|
||||||
|
|
||||||
o Minor features (relay):
|
|
||||||
- If a relay is unable to discover its address, attempt to learn it from the
|
|
||||||
NETINFO cell. Closes ticket 40022.
|
|
||||||
|
|
||||||
o Minor features (relay, address discovery):
|
|
||||||
- If Address is not found in torrc, attempt to learn our address with the
|
|
||||||
configured ORPort address if any. Closes ticket 33236.
|
|
||||||
|
|
||||||
o Minor features (admin tools):
|
|
||||||
- Add new --format argument to -key-expiration option to allow
|
|
||||||
specifying the time format of expiration date. Adds Unix
|
|
||||||
timestamp format support. Patch by Daniel Pinto. Closes
|
|
||||||
ticket 30045.
|
|
||||||
|
|
||||||
o Minor features (authorities):
|
|
||||||
- Authorities now list a different set of protocols as required and
|
|
||||||
recommended. These lists are chosen so that only truly recommended
|
|
||||||
and/or required protocols are included, and so that clients using 0.2.9
|
|
||||||
or later will continue to work (even though they are not supported),
|
|
||||||
whereas only relays running 0.3.5 or later will meet the requirements.
|
|
||||||
Closes ticket 40162.
|
|
||||||
|
|
||||||
o Minor features (bootstrap reporting):
|
|
||||||
- When reporting bootstrapping status on a relay, do not consider
|
|
||||||
connections that have never been the target of an origin circuit.
|
|
||||||
Previously, all connection failures were treated as potential
|
|
||||||
bootstrapping failures, including those that had been opened because of
|
|
||||||
client requests. Closes ticket 25061.
|
|
||||||
|
|
||||||
o Minor features (build):
|
|
||||||
- If the configure script has given any warnings, remind the user about
|
|
||||||
them at the end of the script. Related to 40138.
|
|
||||||
- When running the configure script, try to detect version mismatches
|
|
||||||
between the openssl headers and libraries, and suggest that the
|
|
||||||
user should try "--with-openssl-dir". Closes 40138.
|
|
||||||
|
|
||||||
o Minor features (compilation):
|
|
||||||
- When building Tor, first link all object files into a single
|
|
||||||
static library. This may help with embedding Tor in other
|
|
||||||
programs. Note that most Tor functions do not constitute a
|
|
||||||
part of a stable or supported API: Only those functions in
|
|
||||||
tor_api.h should be used if embedding Tor. Closes ticket
|
|
||||||
40127.
|
|
||||||
|
|
||||||
o Minor features (control port):
|
o Minor features (control port):
|
||||||
|
- Add a DROPTIMEOUTS control port command to drop circuit build
|
||||||
|
timeout history and reset the timeout. Closes ticket 40002.
|
||||||
- When a stream enters the AP_CONN_STATE_CONTROLLER_WAIT status,
|
- When a stream enters the AP_CONN_STATE_CONTROLLER_WAIT status,
|
||||||
send a control port event CONTROLLER_WAIT. Closes ticket 32190.
|
send a control port event CONTROLLER_WAIT. Closes ticket 32190.
|
||||||
Patch by Neel Chauhan.
|
Patch by Neel Chauhan.
|
||||||
|
|
||||||
o Minor features (control port, relay):
|
o Minor features (control port, relay):
|
||||||
- Introduce "GETINFO address/v4" and "GETINFO address/v6" in the control
|
- Introduce "GETINFO address/v4" and "GETINFO address/v6" in the
|
||||||
port to fetch the Tor host's respective IPv4 or IPv6 address. We keep
|
control port to fetch the Tor host's respective IPv4 or IPv6
|
||||||
"GETINFO address" for backwords-compatibility which retains the current
|
address. We keep "GETINFO address" for backwords-compatibility
|
||||||
behavior. Closes ticket 40039. Patch by Neel Chauhan.
|
which retains the current behavior. Closes ticket 40039. Patch by
|
||||||
|
Neel Chauhan.
|
||||||
|
|
||||||
o Minor features (control port, rephist):
|
o Minor features (control port, rephist):
|
||||||
- Introduce GETINFO "stats/ntor/{assigned/requested}" and
|
- Introduce GETINFO "stats/ntor/{assigned/requested}" and
|
||||||
"stats/tap/{assigned/requested}" to get the NTorand TAP
|
"stats/tap/{assigned/requested}" to get the NTorand TAP circuit
|
||||||
circuit onion handshake rephist values respectively.
|
onion handshake rephist values respectively. Closes ticket 28279.
|
||||||
Closes ticket 28279. Patch by Neel Chauhan.
|
Patch by Neel Chauhan.
|
||||||
|
|
||||||
o Minor features (controller, IPv6):
|
o Minor features (controller, IPv6):
|
||||||
- Tor relays now try to report to the controller when they are launching
|
- Tor relays now try to report to the controller when they are
|
||||||
an IPv6 self-test. Closes ticket 34068.
|
launching an IPv6 self-test. Closes ticket 34068.
|
||||||
|
|
||||||
o Minor features (directory authorities):
|
o Minor features (directory authorities):
|
||||||
|
- Create new consensus method that removes the unecessary = padding
|
||||||
|
from ntor-onion-key. Closes ticket 7869. Patch by Daniel Pinto.
|
||||||
- Directory authorities now reject descriptors from relays running
|
- Directory authorities now reject descriptors from relays running
|
||||||
Tor versions from the 0.4.1 series, but still allow the 0.3.5
|
Tor versions from the 0.4.1 series, but still allow the 0.3.5
|
||||||
series. Resolves ticket 34357. Patch by Neel Chauhan.
|
series. Resolves ticket 34357. Patch by Neel Chauhan.
|
||||||
|
|
||||||
o Minor features (directory authorities, IPv6):
|
o Minor features (directory authorities, IPv6):
|
||||||
- Make authorities add their IPv6 ORPort (if any) to the trusted dir
|
- Make authorities add their IPv6 ORPort (if any) to the trusted dir
|
||||||
servers list. Authorities currently add themselves to the trusted dir
|
servers list. Authorities currently add themselves to the trusted
|
||||||
servers list, but they only add their IPv4 address and ports to the list.
|
dir servers list, but they only add their IPv4 address and ports
|
||||||
Closes ticket 32822.
|
to the list. Closes ticket 32822.
|
||||||
|
|
||||||
o Minor features (directory authority):
|
o Minor features (directory authority):
|
||||||
- Make it possible to specify multiple ConsensusParams torrc lines.
|
- Make it possible to specify multiple ConsensusParams torrc lines.
|
||||||
Now directory authority operators can for example put the main
|
Now directory authority operators can for example put the main
|
||||||
ConsensusParams config in one torrc file and then add to it from
|
ConsensusParams config in one torrc file and then add to it from a
|
||||||
a different torrc file. Closes ticket 40164.
|
different torrc file. Closes ticket 40164.
|
||||||
- The AssumeReachable option no longer stops directory authorities
|
- The AssumeReachable option no longer stops directory authorities
|
||||||
from checking whether other relays are running. A new
|
from checking whether other relays are running. A new
|
||||||
AuthDirTestReachability option can be used to disable these checks.
|
AuthDirTestReachability option can be used to disable these
|
||||||
Closes ticket 34445.
|
checks. Closes ticket 34445.
|
||||||
- When looking for possible sybil attacks, also consider IPv6 addresses.
|
- When looking for possible sybil attacks, also consider IPv6
|
||||||
Two routers are considered to have "the same" address by this metric
|
addresses. Two routers are considered to have "the same" address
|
||||||
if they are in the same /64 network. Patch from Maurice Pibouin. Closes
|
by this metric if they are in the same /64 network. Patch from
|
||||||
ticket 7193.
|
Maurice Pibouin. Closes ticket 7193.
|
||||||
|
|
||||||
o Minor features (ed25519, relay):
|
o Minor features (ed25519, relay):
|
||||||
- Save a relay's base64-encoded ed25519 identity key to the data
|
- Save a relay's base64-encoded ed25519 identity key to the data
|
||||||
directory in a file named fingerprint-ed25519. Closes ticket 30642.
|
directory in a file named fingerprint-ed25519. Closes ticket
|
||||||
Patch by Neel Chauhan.
|
30642. Patch by Neel Chauhan.
|
||||||
|
|
||||||
o Minor features (heartbeat):
|
o Minor features (heartbeat):
|
||||||
- Include the total number of inbound and outbound IPv4 and IPv6
|
- Include the total number of inbound and outbound IPv4 and IPv6
|
||||||
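Review bot: at the top of the new side of this hunk, the entries 'The "optimistic data" feature is now always on' and 'The "usecreatefast" network parameter is now removed' sit between 'Here are the changes since 0.4.4.5.' and the first 'o Major features' heading with no 'o' section heading of their own, and the second item has been folded into the first ('directory. Closes part of 40139. - The "usecreatefast" network'). Give these two entries a section heading and split them back into separate '-' items. The reflow also carries over 'backwords-compatibility' and 'NTorand TAP' in the control port entries, 'unecessary' in the consensus method entry, and the trailing semicolon in 'Closes ticket 40063;', which are worth fixing while these lines are being rewritten.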
@ -170,30 +163,31 @@ Changes in version 0.4.5.1-alpha - 2020-10-30
|
|||||||
|
|
||||||
o Minor features (IPv6, ExcludeNodes):
|
o Minor features (IPv6, ExcludeNodes):
|
||||||
- Make routerset_contains_router() capable of handling IPv6
|
- Make routerset_contains_router() capable of handling IPv6
|
||||||
addresses. This makes ExcludeNodes capable of excluding an
|
addresses. This makes ExcludeNodes capable of excluding an IPv6
|
||||||
IPv6 adddress. Previously, ExcludeNodes ignored IPv6
|
adddress. Previously, ExcludeNodes ignored IPv6 addresses. Closes
|
||||||
addresses. Closes ticket 34065. Patch by Neel Chauhan.
|
ticket 34065. Patch by Neel Chauhan.
|
||||||
|
|
||||||
o Minor features (IPv6, relay):
|
o Minor features (IPv6, relay):
|
||||||
- Allow relays to send IPv6-only extend cells. Closes ticket 33222.
|
- Allow relays to send IPv6-only extend cells. Closes ticket 33222.
|
||||||
- Declare support for the Relay=3 subprotocol version. Closes ticket 33226.
|
- Declare support for the Relay=3 subprotocol version. Closes
|
||||||
|
ticket 33226.
|
||||||
- When launching IPv6 ORPort self-test circuits, make sure that the
|
- When launching IPv6 ORPort self-test circuits, make sure that the
|
||||||
second-last hop can initiate an IPv6 extend. Closes ticket 33222.
|
second-last hop can initiate an IPv6 extend. Closes ticket 33222.
|
||||||
|
|
||||||
o Minor features (logging):
|
o Minor features (logging):
|
||||||
- Adds the running glibc version to the log. Also adds the
|
- Adds the running glibc version to the log. Also adds the running
|
||||||
running and compiled glibc version to the library list
|
and compiled glibc version to the library list returned when using
|
||||||
returned when using the flag --library-versions. Patch
|
the flag --library-versions. Patch from Daniel Pinto. Closes
|
||||||
from Daniel Pinto. Closes ticket 40047; bugfix on
|
ticket 40047; bugfix on 0.4.5.0-alpha-dev.
|
||||||
0.4.5.0-alpha-dev.
|
- Consider 301 as an error like a 404 when processing the response
|
||||||
- Consider 301 as an error like a 404 when processing the response to a
|
to a request for a group of server descriptors or an extrainfo
|
||||||
request for a group of server descriptors or an extrainfo documents.
|
documents. Closes ticket 40053.
|
||||||
Closes ticket 40053.
|
- Print directory fetch information a single line. Closes
|
||||||
- Print directory fetch information a single line. Closes ticket 40159.
|
ticket 40159.
|
||||||
- Provide more complete descriptions of our connections when logging
|
- Provide more complete descriptions of our connections when logging
|
||||||
about them. Closes ticket 40041.
|
about them. Closes ticket 40041.
|
||||||
- When describing a relay in th elogs, we now include its ed25519 identity.
|
- When describing a relay in th elogs, we now include its ed25519
|
||||||
Closes ticket 22668.
|
identity. Closes ticket 22668.
|
||||||
|
|
||||||
o Minor features (onion services):
|
o Minor features (onion services):
|
||||||
- When writing an onion service hostname file, first read it to make
|
- When writing an onion service hostname file, first read it to make
|
||||||
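Review bot: the glibc entry on the new side of this hunk is filed under 'o Minor features (logging)' but ends with 'bugfix on 0.4.5.0-alpha-dev'; either move it to a bugfix section or drop the 'bugfix on' clause so the entry matches its heading. The same section is reflowed with its wording errors intact: 'When describing a relay in th elogs', 'Print directory fetch information a single line' (missing 'on'), and 'an extrainfo documents'. 'adddress' in the ExcludeNodes entry is likewise unchanged and should be corrected in this pass.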
@ -203,263 +197,269 @@ Changes in version 0.4.5.1-alpha - 2020-10-30
|
|||||||
Neel Chauhan.
|
Neel Chauhan.
|
||||||
|
|
||||||
o Minor features (pluggable transports):
|
o Minor features (pluggable transports):
|
||||||
- Added option OutboundBindAddressPT to torrc. This option allows users to
|
- Added option OutboundBindAddressPT to torrc. This option allows
|
||||||
specify which IPv4 and IPv6 address they want pluggable transports to use
|
users to specify which IPv4 and IPv6 address they want pluggable
|
||||||
for outgoing IP packets. Tor does not have a way to enforce that the pluggable
|
transports to use for outgoing IP packets. Tor does not have a way
|
||||||
transport honors this option so each pluggable transport will have to
|
to enforce that the pluggable transport honors this option so each
|
||||||
implement support for this feature. Closes ticket 5304.
|
pluggable transport will have to implement support for this
|
||||||
|
feature. Closes ticket 5304.
|
||||||
|
|
||||||
o Minor features (protocol simplification):
|
o Minor features (protocol simplification):
|
||||||
- Tor no longer allows subprotocol versions larger than 63. Previously
|
- Tor no longer allows subprotocol versions larger than 63.
|
||||||
versions up to UINT32_MAX were allowed, which significantly complicated
|
Previously versions up to UINT32_MAX were allowed, which
|
||||||
our code.
|
significantly complicated our code. Implements proposal 318;
|
||||||
Implements proposal 318; closes ticket 40133.
|
closes ticket 40133.
|
||||||
|
|
||||||
o Minor features (relay address tracking):
|
o Minor features (relay address tracking):
|
||||||
- We store relay addresses for OR connections in a more logical way.
|
- We store relay addresses for OR connections in a more logical way.
|
||||||
Previously we would sometimes overwrite the actual address of a
|
Previously we would sometimes overwrite the actual address of a
|
||||||
connection with a "canonical address", and then store the "real
|
connection with a "canonical address", and then store the "real
|
||||||
address" elsewhere to remember it. We now track the "canonical address"
|
address" elsewhere to remember it. We now track the "canonical
|
||||||
elsewhere for the cases where we need it, and leave the connection's
|
address" elsewhere for the cases where we need it, and leave the
|
||||||
address alone. Closes ticket 33898.
|
connection's address alone. Closes ticket 33898.
|
||||||
|
|
||||||
o Minor features (relay):
|
o Minor features (relay):
|
||||||
- Log immediately when launching a relay self-check. Previously
|
- If a relay is unable to discover its address, attempt to learn it
|
||||||
we would try to log before launching checks, or approximately
|
from the NETINFO cell. Closes ticket 40022.
|
||||||
when we intended to launch checks, but this tended to be
|
- Log immediately when launching a relay self-check. Previously we
|
||||||
error-prone. Closes ticket 34137.
|
would try to log before launching checks, or approximately when we
|
||||||
|
intended to launch checks, but this tended to be error-prone.
|
||||||
|
Closes ticket 34137.
|
||||||
|
|
||||||
|
o Minor features (relay, address discovery):
|
||||||
|
- If Address is not found in torrc, attempt to learn our address
|
||||||
|
with the configured ORPort address if any. Closes ticket 33236.
|
||||||
|
|
||||||
o Minor features (relay, IPv6):
|
o Minor features (relay, IPv6):
|
||||||
- Add an AssumeReachableIPv6 option to disable self-checking IPv6
|
- Add an AssumeReachableIPv6 option to disable self-checking IPv6
|
||||||
reachability. Closes part of ticket 33224.
|
reachability. Closes part of ticket 33224.
|
||||||
- Add new "assume-reachable" and "assume-reachable-ipv6" parameters
|
- Add new "assume-reachable" and "assume-reachable-ipv6" parameters
|
||||||
to be used in an emergency to tell relays that they should publish
|
to be used in an emergency to tell relays that they should publish
|
||||||
even if they cannot complete their ORPort self-checks.
|
even if they cannot complete their ORPort self-checks. Closes
|
||||||
Closes ticket 34064 and part of 33224.
|
ticket 34064 and part of 33224.
|
||||||
|
|
||||||
o Minor features (specification update):
|
o Minor features (specification update):
|
||||||
- Several fields in microdescriptors, router descriptors, and consensus
|
- Several fields in microdescriptors, router descriptors, and
|
||||||
documents that were formerly optional are now required. Implements
|
consensus documents that were formerly optional are now required.
|
||||||
proposal 315; closes ticket 40132.
|
Implements proposal 315; closes ticket 40132.
|
||||||
|
|
||||||
o Minor features (state):
|
o Minor features (state):
|
||||||
- When loading the state file, remove entries from the statefile that
|
- When loading the state file, remove entries from the statefile
|
||||||
have been obsolete for a long time. Ordinarily Tor preserves
|
that have been obsolete for a long time. Ordinarily Tor preserves
|
||||||
unrecognized entries in order to keep forward-compatibility, but
|
unrecognized entries in order to keep forward-compatibility, but
|
||||||
these statefile entries have not actually been used in any release
|
these statefile entries have not actually been used in any release
|
||||||
since before the 0.3.5.x. Closes ticket 40137.
|
since before the 0.3.5.x. Closes ticket 40137.
|
||||||
|
|
||||||
o Minor features (statistics, ipv6):
|
o Minor features (statistics, ipv6):
|
||||||
- Relays now publish IPv6-specific counts of single-direction
|
- Relays now publish IPv6-specific counts of single-direction versus
|
||||||
versus bidirectional relay connections.
|
bidirectional relay connections. Closes ticket 33264.
|
||||||
Closes ticket 33264.
|
|
||||||
- Relays now publish their IPv6 read and write statistics over time,
|
- Relays now publish their IPv6 read and write statistics over time,
|
||||||
if statistics are enabled.
|
if statistics are enabled. Closes ticket 33263.
|
||||||
Closes ticket 33263.
|
|
||||||
|
|
||||||
o Minor features (subprotocol versions):
|
o Minor features (subprotocol versions):
|
||||||
- Use the new limitations on subprotocol versions due to proposal
|
- Use the new limitations on subprotocol versions due to proposal
|
||||||
318 to simplify our implementation. Part of ticket 40133.
|
318 to simplify our implementation. Part of ticket 40133.
|
||||||
|
|
||||||
o Minor features (testing configuration):
|
o Minor features (testing configuration):
|
||||||
- The TestingTorNetwork no longer implicitly sets AssumeReachable to 1.
|
- The TestingTorNetwork no longer implicitly sets AssumeReachable to
|
||||||
This change will allow us to test relays' self-testing mechanisms,
|
1. This change will allow us to test relays' self-testing
|
||||||
and eventually to test authorities' relay-testing functionality.
|
mechanisms, and eventually to test authorities' relay-testing
|
||||||
Closes ticket 34446.
|
functionality. Closes ticket 34446.
|
||||||
|
|
||||||
o Minor features (testing):
|
o Minor features (testing):
|
||||||
- Added unit tests for channel_matches_target_addr_for_extend().
|
- Added unit tests for channel_matches_target_addr_for_extend().
|
||||||
Closes Ticket 33919. Patch by MrSquanchee.
|
Closes Ticket 33919. Patch by MrSquanchee.
|
||||||
|
|
||||||
o Minor bugfixes (logging):
|
o Minor bugfixes (security):
|
||||||
- Remove a debug logging statement that uselessly spam the logs. Fixes bug
|
- When completing a channel, relays now check more thoroughly to
|
||||||
40135; bugfix on 0.3.5.0-alpha.
|
make sure that it matches any pending circuits before attaching
|
||||||
|
those circuits. Previously, address correctness and Ed25519
|
||||||
|
identities were not checked in this case, but only when extending
|
||||||
|
circuits on an existing channel. Fixes bug 40080; bugfix
|
||||||
|
on 0.2.7.2-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (circuit padding):
|
o Minor bugfixes (circuit padding):
|
||||||
- When circpad_send_padding_cell_for_callback is called,
|
- When circpad_send_padding_cell_for_callback is called,
|
||||||
`is_padding_timer_scheduled` flag was not reset. Now it is set to 0 at
|
`is_padding_timer_scheduled` flag was not reset. Now it is set to
|
||||||
the top of that function. Fixes bug 32671; bugfix on 0.4.0.1-alpha.
|
0 at the top of that function. Fixes bug 32671; bugfix
|
||||||
|
on 0.4.0.1-alpha.
|
||||||
- Add a per-circuit padding machine instance counter, so we can
|
- Add a per-circuit padding machine instance counter, so we can
|
||||||
differentiate between shutdown requests for old machines on a circuit;
|
differentiate between shutdown requests for old machines on a
|
||||||
Fixes bug 30992; bugfix on 0.4.1.1-alpha.
|
circuit; Fixes bug 30992; bugfix on 0.4.1.1-alpha.
|
||||||
- Add the abilility to keep circuit padding machines if they match a set
|
- Add the abilility to keep circuit padding machines if they match a
|
||||||
of circuit state or purposes. This allows us to have machines that start
|
set of circuit state or purposes. This allows us to have machines
|
||||||
up under some conditions but don't shut down under others. We now
|
that start up under some conditions but don't shut down under
|
||||||
use this mask to avoid starting up introduction circuit padding
|
others. We now use this mask to avoid starting up introduction
|
||||||
again after the machines have already completed. Fixes bug 32040;
|
circuit padding again after the machines have already completed.
|
||||||
bugfix on 0.4.1.1-alpha.
|
Fixes bug 32040; bugfix on 0.4.1.1-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (compatibility):
|
o Minor bugfixes (compatibility):
|
||||||
- Strip '\r' characters when reading text files on Unix platforms.
|
- Strip '\r' characters when reading text files on Unix platforms.
|
||||||
This should resolve an issue where a relay operator migrates a relay from
|
This should resolve an issue where a relay operator migrates a
|
||||||
Windows to Unix, but does not change the line ending of Tor's various state
|
relay from Windows to Unix, but does not change the line ending of
|
||||||
files to match the platform, the CRLF line endings from Windows ends up leaking
|
Tor's various state files to match the platform, the CRLF line
|
||||||
into other files such as the extra-info document. Fixes bug 33781; bugfix on
|
endings from Windows ends up leaking into other files such as the
|
||||||
0.0.9pre5.
|
extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5.
|
||||||
|
|
||||||
o Minor bugfixes (compilation):
|
o Minor bugfixes (compilation):
|
||||||
- Fix compiler warnings that would occur when building with
|
- Fix compiler warnings that would occur when building with
|
||||||
"--enable-all-bugs-are-fatal" and "--disable-module-relay"
|
"--enable-all-bugs-are-fatal" and "--disable-module-relay" at the
|
||||||
at the same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha.
|
same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha.
|
||||||
- Resolve a compilation warning that could occur in test_connection.c.
|
- Resolve a compilation warning that could occur in
|
||||||
Fixes bug 40113; bugfix on 0.2.9.3-alpha.
|
test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (configuration):
|
o Minor bugfixes (configuration):
|
||||||
- Fix bug where %including a pattern ending with */ would include files
|
- Fix bug where %including a pattern ending with */ would include
|
||||||
and folders (instead of folders only) in versions of glibc < 2.19.
|
files and folders (instead of folders only) in versions of glibc <
|
||||||
Fixes bug 40141; bugfix on 0.4.5.0-alpha-dev. Patch by Daniel Pinto.
|
2.19. Fixes bug 40141; bugfix on 0.4.5.0-alpha-dev. Patch by
|
||||||
|
Daniel Pinto.
|
||||||
|
|
||||||
o Minor bugfixes (logging):
|
o Minor bugfixes (logging):
|
||||||
- When logging a rate-limited message about how many messages have been
|
- Remove a debug logging statement that uselessly spam the logs.
|
||||||
suppressed in the last N seconds, give an accurate value for N, rounded
|
Fixes bug 40135; bugfix on 0.3.5.0-alpha.
|
||||||
up to the nearest minute. Previously we would report the size of the
|
- When logging a rate-limited message about how many messages have
|
||||||
rate-limiting interval, regardless of when the messages started to
|
been suppressed in the last N seconds, give an accurate value for
|
||||||
occur. Fixes bug 19431; bugfix on 0.2.2.16-alpha.
|
N, rounded up to the nearest minute. Previously we would report
|
||||||
|
the size of the rate-limiting interval, regardless of when the
|
||||||
|
messages started to occur. Fixes bug 19431; bugfix
|
||||||
|
on 0.2.2.16-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (protover):
|
o Minor bugfixes (protover):
|
||||||
- Consistently reject extra commas, instead of only rejecting leading commas.
|
- Consistently reject extra commas, instead of only rejecting
|
||||||
Fixes bug 27194; bugfix on 0.2.9.4-alpha.
|
leading commas. Fixes bug 27194; bugfix on 0.2.9.4-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (relay configuration, crash):
|
o Minor bugfixes (relay configuration, crash):
|
||||||
- Avoid a fatal assert() when failing to create a listener connection for an
|
- Avoid a fatal assert() when failing to create a listener
|
||||||
address that was in use. Fixes bug 40073; bugfix on 0.3.5.1-alpha.
|
connection for an address that was in use. Fixes bug 40073; bugfix
|
||||||
|
on 0.3.5.1-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (rust, protocol versions):
|
o Minor bugfixes (rust, protocol versions):
|
||||||
- Declare support for the onion service introduction point denial of
|
- Declare support for the onion service introduction point denial of
|
||||||
service extensions, when building tor with Rust.
|
service extensions, when building tor with Rust. Fixes bug 34248;
|
||||||
Fixes bug 34248; bugfix on 0.4.2.1-alpha.
|
bugfix on 0.4.2.1-alpha.
|
||||||
- Make Rust protocol version support checks consistent with the
|
- Make Rust protocol version support checks consistent with the
|
||||||
undocumented error behaviour of the corresponding C code.
|
undocumented error behaviour of the corresponding C code. Fixes
|
||||||
Fixes bug 34251; bugfix on 0.3.3.5-rc.
|
bug 34251; bugfix on 0.3.3.5-rc.
|
||||||
|
|
||||||
o Minor bugfixes (security):
|
|
||||||
- When completing a channel, relays now check more thoroughly to make
|
|
||||||
sure that it matches any pending circuits before attaching those
|
|
||||||
circuits. Previously, address correctness and Ed25519 identities were not
|
|
||||||
checked in this case, but only when extending circuits on an existing
|
|
||||||
channel. Fixes bug 40080; bugfix on 0.2.7.2-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (self-testing):
|
o Minor bugfixes (self-testing):
|
||||||
- When receiving an incoming circuit, only accept it as evidence that we
|
- When receiving an incoming circuit, only accept it as evidence
|
||||||
are reachable if the declared address of its channel is the same
|
that we are reachable if the declared address of its channel is
|
||||||
address we think that we have. Otherwise, it could be evidence that
|
the same address we think that we have. Otherwise, it could be
|
||||||
we're reachable on some other address. Fixes bug 20165; bugfix on
|
evidence that we're reachable on some other address. Fixes bug
|
||||||
0.1.0.1-rc.
|
20165; bugfix on 0.1.0.1-rc.
|
||||||
|
|
||||||
o Minor bugfixes (SOCKS, onion services):
|
o Minor bugfixes (SOCKS, onion services):
|
||||||
- Make sure we send the SOCKS request address in relay begin cells when a
|
- Make sure we send the SOCKS request address in relay begin cells
|
||||||
stream is attached with the purpose CIRCUIT_PURPOSE_CONTROLLER. Fixes bug
|
when a stream is attached with the purpose
|
||||||
33124; bugfix on 0.0.5. Patch by Neel Chauhan.
|
CIRCUIT_PURPOSE_CONTROLLER. Fixes bug 33124; bugfix on 0.0.5.
|
||||||
|
Patch by Neel Chauhan.
|
||||||
|
|
||||||
o Minor bugfixes (spec conformance):
|
o Minor bugfixes (spec conformance):
|
||||||
- Use the correct key type when generating signing->link
|
- Use the correct key type when generating signing->link
|
||||||
certificates. Fixes bug 40124; bugfix on 0.2.7.2-alpha.
|
certificates. Fixes bug 40124; bugfix on 0.2.7.2-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (string handling):
|
o Minor bugfixes (string handling):
|
||||||
- In summarize_protover_flags(), treat empty strings the same as NULL.
|
- In summarize_protover_flags(), treat empty strings the same as
|
||||||
This prevents protocols_known from being set. Previously, we treated
|
NULL. This prevents protocols_known from being set. Previously, we
|
||||||
empty strings as normal strings, which led to protocols_known being
|
treated empty strings as normal strings, which led to
|
||||||
set. Fixes bug 34232; bugfix on 0.3.3.2-alpha. Patch by Neel Chauhan.
|
protocols_known being set. Fixes bug 34232; bugfix on
|
||||||
|
0.3.3.2-alpha. Patch by Neel Chauhan.
|
||||||
|
|
||||||
o Minor bugfixes (v2 onion services):
|
o Minor bugfixes (v2 onion services):
|
||||||
- For HSFETCH commands on v2 onion services addresses, check the length of
|
- For HSFETCH commands on v2 onion services addresses, check the
|
||||||
bytes decoded, not the base32 length. This takes the behavior introduced
|
length of bytes decoded, not the base32 length. This takes the
|
||||||
in commit a517daa56f5848d25ba79617a1a7b82ed2b0a7c0 into consideration.
|
behavior introduced in commit
|
||||||
Fixes bug 34400; bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan.
|
a517daa56f5848d25ba79617a1a7b82ed2b0a7c0 into consideration. Fixes
|
||||||
|
bug 34400; bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan.
|
||||||
o Code simplification and refactoring (autoconf):
|
|
||||||
- Remove autoconf checks for unused funcs and headers. Closes ticket
|
|
||||||
31699; Patch by @bduszel
|
|
||||||
|
|
||||||
o Code simplification and refactoring (maintainer scripts):
|
|
||||||
- Disable by default the pre-commit hook. Use the environment variable
|
|
||||||
TOR_EXTRA_PRE_COMMIT_CHECKS in order to run it. Furthermore, stop running
|
|
||||||
practracker in the pre-commit hook and make check-local. Closes ticket
|
|
||||||
40019.
|
|
||||||
|
|
||||||
o Code simplification and refactoring (relay address):
|
|
||||||
- Most of IPv4 representation was using "uint32_t". It has now been moved to
|
|
||||||
use the internal "tor_addr_t" interface instead. This is so we can
|
|
||||||
properly integrate IPv6 along IPv4 with common interfaces. Closes ticket
|
|
||||||
40043.
|
|
||||||
|
|
||||||
o Code simplification and refactoring:
|
o Code simplification and refactoring:
|
||||||
- Add and use a set of functions to perform downcasts on constant
|
- Add and use a set of functions to perform downcasts on constant
|
||||||
connection and channel pointers. Closes ticket 40046.
|
connection and channel pointers. Closes ticket 40046.
|
||||||
- Refactor our code that logs a descriptions of connections, channels,
|
- Refactor our code that logs a descriptions of connections,
|
||||||
and the peers on them, to use a single call path. This change
|
channels, and the peers on them, to use a single call path. This
|
||||||
enables us to refactor the data types that they use, and eliminate
|
change enables us to refactor the data types that they use, and
|
||||||
many confusing users of those types. Closes ticket 40041.
|
eliminate many confusing users of those types. Closes ticket 40041.
|
||||||
- Refactor some common node selection code into a single function.
|
- Refactor some common node selection code into a single function.
|
||||||
Closes ticket 34200.
|
Closes ticket 34200.
|
||||||
- Remove the now-redundant 'outbuf_flushlen' field from our connection
|
- Remove the now-redundant 'outbuf_flushlen' field from our
|
||||||
type. It was previously used for an older version of our rate-limiting
|
connection type. It was previously used for an older version of
|
||||||
logic. Closes ticket 33097.
|
our rate-limiting logic. Closes ticket 33097.
|
||||||
- Rename "fascist_firewall_*" identifiers to "reachable_addr_*" instead,
|
- Rename "fascist_firewall_*" identifiers to "reachable_addr_*"
|
||||||
for consistency with other code. Closes ticket 18106.
|
instead, for consistency with other code. Closes ticket 18106.
|
||||||
- Rename functions about "advertised" ports which are not in fact
|
- Rename functions about "advertised" ports which are not in fact
|
||||||
guaranteed to return the ports have been advertised. Closes
|
guaranteed to return the ports have been advertised. Closes
|
||||||
ticket 40055.
|
ticket 40055.
|
||||||
- Split implementation of several command line options from
|
- Split implementation of several command line options from
|
||||||
options_init_from_torrc into smaller isolated functions.
|
options_init_from_torrc into smaller isolated functions. Patch by
|
||||||
Patch by Daniel Pinto. Closes ticket 40102.
|
Daniel Pinto. Closes ticket 40102.
|
||||||
- When an extend cell is missing an IPv4 or IPv6 address, fill in the address
|
- When an extend cell is missing an IPv4 or IPv6 address, fill in
|
||||||
from the extend info. This is similar to what was done in ticket 33633 for
|
the address from the extend info. This is similar to what was done
|
||||||
ed25519 keys. Closes ticket 33816. Patch by Neel Chauhan.
|
in ticket 33633 for ed25519 keys. Closes ticket 33816. Patch by
|
||||||
|
Neel Chauhan.
|
||||||
|
|
||||||
o Deprecated features:
|
o Deprecated features:
|
||||||
- The "non-builtin" argument to the "--dump-config" command is now
|
- The "non-builtin" argument to the "--dump-config" command is now
|
||||||
deprecated. When it works, it behaves the same as "short", which
|
deprecated. When it works, it behaves the same as "short", which
|
||||||
you should use instead. Closes ticket 33398.
|
you should use instead. Closes ticket 33398.
|
||||||
|
|
||||||
|
o Documentation:
|
||||||
|
- Replace URLs from our old bugtracker so that they refer to the new
|
||||||
|
bugtracker and wiki. Closes ticket 40101.
|
||||||
|
|
||||||
|
o Removed features:
|
||||||
|
- We no longer ship or build a "tor.service" file for use with
|
||||||
|
systemd. No distribution included this script unmodified, and we
|
||||||
|
don't have the expertise ourselves to maintain this in a way that
|
||||||
|
all the various systemd-based distributions can use. Closes
|
||||||
|
ticket 30797.
|
||||||
|
- We no longer ship support for the Android logging API. Modern
|
||||||
|
versions of Android can use the syslog API instead. Closes
|
||||||
|
ticket 32181.
|
||||||
|
|
||||||
|
o Testing:
|
||||||
|
- Add unit tests for bandwidth statistics manipulation functions.
|
||||||
|
Closes ticket 33812. Patch by MrSquanchee.
|
||||||
|
|
||||||
|
o Code simplification and refactoring (autoconf):
|
||||||
|
- Remove autoconf checks for unused funcs and headers. Closes ticket
|
||||||
|
31699; Patch by @bduszel
|
||||||
|
|
||||||
|
o Code simplification and refactoring (maintainer scripts):
|
||||||
|
- Disable by default the pre-commit hook. Use the environment
|
||||||
|
variable TOR_EXTRA_PRE_COMMIT_CHECKS in order to run it.
|
||||||
|
Furthermore, stop running practracker in the pre-commit hook and
|
||||||
|
make check-local. Closes ticket 40019.
|
||||||
|
|
||||||
|
o Code simplification and refactoring (relay address):
|
||||||
|
- Most of IPv4 representation was using "uint32_t". It has now been
|
||||||
|
moved to use the internal "tor_addr_t" interface instead. This is
|
||||||
|
so we can properly integrate IPv6 along IPv4 with common
|
||||||
|
interfaces. Closes ticket 40043.
|
||||||
|
|
||||||
o Documentation (manpages):
|
o Documentation (manpages):
|
||||||
- Move them from doc/ to doc/man/. Closes ticket 40044.
|
- Move them from doc/ to doc/man/. Closes ticket 40044.
|
||||||
|
|
||||||
o Documentation (manual page):
|
o Documentation (manual page):
|
||||||
- Describe the status of the "Sandbox" option more accurately. It is no
|
- Describe the status of the "Sandbox" option more accurately. It is
|
||||||
longer "experimental", but it _is_ dependent on kernel and libc
|
no longer "experimental", but it _is_ dependent on kernel and libc
|
||||||
versions. Closes ticket 23378.
|
versions. Closes ticket 23378.
|
||||||
|
|
||||||
o Documentation (tracing):
|
o Documentation (tracing):
|
||||||
- Document in depth the circuit subsystem trace events in the new
|
- Document in depth the circuit subsystem trace events in the new
|
||||||
doc/tracing/EventsCircuit.md. Closes ticket 40036.
|
doc/tracing/EventsCircuit.md. Closes ticket 40036.
|
||||||
|
|
||||||
o Documentation:
|
|
||||||
- Replace URLs from our old bugtracker so that they refer to the
|
|
||||||
new bugtracker and wiki. Closes ticket 40101.
|
|
||||||
|
|
||||||
o Removed features (network parameters):
|
o Removed features (network parameters):
|
||||||
- The "optimistic data" feature is now always on; there is no longer an
|
|
||||||
option to disable it from the torrc file or from the consensus
|
|
||||||
directory.
|
|
||||||
Closes part of 40139.
|
|
||||||
- The "usecreatefast" network parameter is now removed; there is no
|
|
||||||
longer an option for authorities to turn it off. Closes part of 40139.
|
|
||||||
|
|
||||||
o Removed features:
|
|
||||||
- We no longer ship or build a "tor.service" file for use with systemd.
|
|
||||||
No distribution included this script unmodified, and we don't have the
|
|
||||||
expertise ourselves to maintain this in a way that all the various
|
|
||||||
systemd-based distributions can use. Closes ticket 30797.
|
|
||||||
- We no longer ship support for the Android logging API. Modern
|
|
||||||
versions of Android can use the syslog API instead.
|
|
||||||
Closes ticket 32181.
|
|
||||||
|
|
||||||
o Testing (CI):
|
o Testing (CI):
|
||||||
- Build tracing configure option into our CI. Closes ticket 40038.
|
- Build tracing configure option into our CI. Closes ticket 40038.
|
||||||
|
|
||||||
o Testing (onion service v2):
|
o Testing (onion service v2):
|
||||||
- Fix a rendezvous cache unit test that was triggering an underflow on the
|
- Fix a rendezvous cache unit test that was triggering an underflow
|
||||||
global rend cache allocation. Fixes bug 40125; bugfix on
|
on the global rend cache allocation. Fixes bug 40125; bugfix
|
||||||
0.2.8.1-alpha.
|
on 0.2.8.1-alpha.
|
||||||
- Fix another rendezvous cache unit test that was triggering an underflow on the
|
- Fix another rendezvous cache unit test that was triggering an
|
||||||
global rend cache allocation. Fixes bug 40126; bugfix on
|
underflow on the global rend cache allocation. Fixes bug 40126;
|
||||||
0.2.8.1-alpha.
|
bugfix on 0.2.8.1-alpha.
|
||||||
|
|
||||||
o Testing:
|
|
||||||
- Add unit tests for bandwidth statistics manipulation functions.
|
|
||||||
Closes ticket 33812. Patch by MrSquanchee.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.4.4.5 - 2020-09-15
|
Changes in version 0.4.4.5 - 2020-09-15
|
||||||
|
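Review bot: On the new side, the "o Removed features (network parameters):" header is left with no entries under it. Both the "optimistic data" and "usecreatefast" items (each "Closes part of 40139") are deleted from beneath it and nothing replaces them before "o Testing (CI):", so the reformatted file carries an empty section at this point. Check where format_changelog placed those two items and move them back under this header. Likewise, the "o Minor bugfixes (security):" entry for bug 40080 is removed between the rust and self-testing sections and is not re-added anywhere in this part of the hunk; confirm it survives elsewhere in the file, since it is the one security-labelled fix in this range. Smaller points on the added lines: "uselessly spam the logs" should read "spams", and the reflow leaves "bugfix" and "on 0.2.2.16-alpha." split across two lines in the bug 19431 entry.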