nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-24 12:23:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Start an 0.4.3.5 releasenotes

Browse Source 
This was made by taking all 0.4.3.x changelogs up to this point and
sorting them.
This commit is contained in:
Nick Mathewson 2020-05-14 11:44:40 -04:00
parent 5eee5d8bc0
commit 59ac7fdcf0
1 changed files with 717 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

717
ReleaseNotes
View File

@ -2,6 +2,723 @@ This document summarizes new features and bugfixes in each stable
release of Tor. If you want to see more detailed descriptions of the
changes in each development snapshot, see the ChangeLog file.
Changes in version 0.4.3.5 - 2020-05-15
COPY BLURB HERE.
Below are the changes since 0.4.2.5. For a list of only the changes
since 0.4.3.4-rc, see the ChangeLog file.
o New system requirements:
- When building Tor, you now need to have Python 3 in order to run
the integration tests. (Python 2 is officially unsupported
upstream, as of 1 Jan 2020.) Closes ticket 32608.
o Major features (build system):
- The relay code can now be disabled using the --disable-module-relay
configure option. When this option is set, we also disable the
dirauth module. Closes ticket 32123.
- When Tor is compiled --disable-module-relay, we also omit the code
used to act as a directory cache. Closes ticket 32487.
o Major features (directory authority, ed25519):
- Add support for banning a relay's ed25519 keys in the approved-
routers file. This will help us migrate away from RSA keys in the
future. Previously, only RSA keys could be banned in approved-
routers. Resolves ticket 22029. Patch by Neel Chauhan.
o Major features (onion service, controller):
- New control port commands to manage client-side onion service
authorization credentials. The ONION_CLIENT_AUTH_ADD command adds
a credential, ONION_CLIENT_AUTH_REMOVE deletes a credential, and
ONION_CLIENT_AUTH_VIEW lists the credentials. Closes ticket 30381.
o Major features (onion service, SOCKS5):
- Introduce a new SocksPort flag, ExtendedErrors, to support more
detailed error codes in information for applications that support
them. Closes ticket 30382; implements proposal 304.
o Major features (proxy):
- In addition to its current supported proxy types (HTTP CONNECT,
SOCKS4, and SOCKS5), Tor can now make its OR connections through a
HAProxy server. A new torrc option was added to specify the
address/port of the server: TCPProxy <protocol> <host>:<port>.
Currently the only supported protocol for the option is haproxy.
Closes ticket 31518. Patch done by Suphanat Chunhapanya (haxxpop).
o Major bugfixes (security, denial-of-service):
- Fix a denial-of-service bug that could be used by anyone to
consume a bunch of CPU on any Tor relay or authority, or by
directories to consume a bunch of CPU on clients or hidden
services. Because of the potential for CPU consumption to
introduce observable timing patterns, we are treating this as a
high-severity security issue. Fixes bug 33119; bugfix on
0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
as TROVE-2020-002 and CVE-2020-10592.
o Major bugfixes (circuit padding, memory leak):
- Avoid a remotely triggered memory leak in the case that a circuit
padding machine is somehow negotiated twice on the same circuit.
Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
This is also tracked as TROVE-2020-004 and CVE-2020-10593.
o Major bugfixes (directory authority):
- Directory authorities will now send a 503 (not enough bandwidth)
code to clients when under bandwidth pressure. Known relays and
other authorities will always be answered regardless of the
bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.
o Major bugfixes (DoS defenses, bridges, pluggable transport):
- Fix a bug that was preventing DoS defenses from running on bridges
with a pluggable transport. Previously, the DoS subsystem was not
given the transport name of the client connection, thus failed to
find the GeoIP cache entry for that client address. Fixes bug
33491; bugfix on 0.3.3.2-alpha.
o Major bugfixes (linux seccomp sandbox):
- Correct how we use libseccomp. Particularly, stop assuming that
rules are applied in a particular order or that more rules are
processed after the first match. Neither is the case! In
libseccomp <2.4.0 this led to some rules having no effect.
libseccomp 2.4.0 changed how rules are generated, leading to a
different ordering, which in turn led to a fatal crash during
startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by
Peter Gerber.
- Fix crash when reloading logging configuration while the
experimental sandbox is enabled. Fixes bug 32841; bugfix on
0.4.1.7. Patch by Peter Gerber.
o Major bugfixes (networking):
- Correctly handle IPv6 addresses in SOCKS5 RESOLVE_PTR requests,
and accept strings as well as binary addresses. Fixes bug 32315;
bugfix on 0.3.5.1-alpha.
o Major bugfixes (onion service client, authorization):
- On a NEWNYM signal, purge entries from the ephemeral client
authorization cache. The permanent ones are kept. Fixes bug 33139;
bugfix on 0.4.3.1-alpha.
o Major bugfixes (onion service):
- Report HS circuit failure back into the HS subsystem so we take
appropriate action with regards to the client introduction point
failure cache. This improves reachability of onion services, since
now clients notice failing introduction circuits properly. Fixes
bug 32020; bugfix on 0.3.2.1-alpha.
o Minor feature (configure, build system):
- Output a list of enabled/disabled features at the end of the
configure process in a pleasing way. Closes ticket 31373.
o Minor feature (heartbeat, onion service):
- Add the DoS INTRODUCE2 defenses counter to the heartbeat DoS
message. Closes ticket 31371.
o Minor feature (sendme, flow control):
- Default to sending SENDME version 1 cells. (Clients are already
sending these, because of a consensus parameter telling them to do
so: this change only affects what clients would do if the
consensus didn't contain a recommendation.) Closes ticket 33623.
o Minor features (best practices tracker):
- Practracker now supports a --regen-overbroad option to regenerate
the exceptions file, but only to revise exceptions to be _less_
tolerant of best-practices violations. Closes ticket 32372.
o Minor features (configuration validation):
- Configuration validation can now be done by per-module callbacks,
rather than a global validation function. This will let us reduce
the size of config.c and some of its more cumbersome functions.
Closes ticket 31241.
o Minor features (configuration):
- If a configured hardware crypto accelerator in AccelName is
prefixed with "!", Tor now exits when it cannot be found. Closes
ticket 32406.
- We now use flag-driven logic to warn about obsolete configuration
fields, so that we can include their names. In 0.4.2, we used a
special type, which prevented us from generating good warnings.
Implements ticket 32404.
o Minor features (continuous integration):
- Run Doxygen Makefile target on Travis, so we can learn about
regressions in our internal documentation. Closes ticket 32455.
- Stop allowing failures on the Travis CI stem tests job. It looks
like all the stem hangs we were seeing before are now fixed.
Closes ticket 33075.
o Minor features (controller):
- Add stream isolation data to STREAM event. Closes ticket 19859.
- Implement a new GETINFO command to fetch microdescriptor
consensus. Closes ticket 31684.
o Minor features (debugging, directory system):
- Don't crash when we find a non-guard with a guard-fraction value
set. Instead, log a bug warning, in an attempt to figure out how
this happened. Diagnostic for ticket 32868.
o Minor features (defense in depth):
- Add additional checks around tor_vasprintf() usage, in case the
function returns an error. Patch by Tobias Stoeckmann. Fixes
ticket 31147.
o Minor features (developer tooling):
- Remove the 0.2.9.x series branches from git scripts (git-merge-
forward.sh, git-pull-all.sh, git-push-all.sh, git-setup-dirs.sh).
Closes ticket 32772.
o Minor features (developer tools):
- Add a check_cocci_parse.sh script that checks that new code is
parseable by Coccinelle. Add an exceptions file for unparseable
files, and run the script from travis CI. Closes ticket 31919.
- Call the check_cocci_parse.sh script from a 'check-cocci' Makefile
target. Closes ticket 31919.
- Add a rename_c_identifiers.py tool to rename a bunch of C
identifiers at once, and generate a well-formed commit message
describing the change. This should help with refactoring. Closes
ticket 32237.
- Add some scripts in "scripts/coccinelle" to invoke the Coccinelle
semantic patching tool with the correct flags. These flags are
fairly easy to forget, and these scripts should help us use
Coccinelle more effectively in the future. Closes ticket 31705.
o Minor features (diagnostic):
- Improve assertions and add some memory-poisoning code to try to
track down possible causes of a rare crash (32564) in the EWMA
code. Closes ticket 33290.
o Minor features (directory authorities):
- Directory authorities now reject descriptors from relays running
Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is
still allowed. Resolves ticket 32672. Patch by Neel Chauhan.
o Minor features (Doxygen):
- Update Doxygen configuration file to a more recent template (from
1.8.15). Closes ticket 32110.
- "make doxygen" now works with out-of-tree builds. Closes
ticket 32113.
- Make sure that doxygen outputs documentation for all of our C
files. Previously, some were missing @file declarations, causing
them to be ignored. Closes ticket 32307.
- Our "make doxygen" target now respects --enable-fatal-warnings by
default, and does not warn about items that are missing
documentation. To warn about missing documentation, run configure
with the "--enable-missing-doc-warnings" flag: doing so suspends
fatal warnings for doxygen. Closes ticket 32385.
o Minor features (git scripts):
- Add TOR_EXTRA_CLONE_ARGS to git-setup-dirs.sh for git clone
customisation. Closes ticket 32347.
- Add git-setup-dirs.sh, which sets up an upstream git repository
and worktrees for tor maintainers. Closes ticket 29603.
- Add TOR_EXTRA_REMOTE_* to git-setup-dirs.sh for a custom extra
remote. Closes ticket 32347.
- Call the check_cocci_parse.sh script from the git commit and push
hooks. Closes ticket 31919.
- Make git-push-all.sh skip unchanged branches when pushing to
upstream. The script already skipped unchanged test branches.
Closes ticket 32216.
- Make git-setup-dirs.sh create a master symlink in the worktree
directory. Closes ticket 32347.
- Skip unmodified source files when doing some existing git hook
checks. Related to ticket 31919.
o Minor features (IPv6, client):
- Make Tor clients tell dual-stack exits that they prefer IPv6
connections. This change is equivalent to setting the PreferIPv6
flag on SOCKSPorts (and most other listener ports). Tor Browser
has been setting this flag for some time, and we want to remove a
client distinguisher at exits. Closes ticket 32637.
o Minor features (portability, android):
- When building for Android, disable some tests that depend on $HOME
and/or pwdb, which Android doesn't have. Closes ticket 32825.
Patch from Hans-Christoph Steiner.
o Minor features (relay modularity):
- Split the relay and server pluggable transport config code into
separate files in the relay module. Disable this code when the
relay module is disabled. Closes part of ticket 32213.
- When the relay module is disabled, reject attempts to set the
ORPort, DirPort, DirCache, BridgeRelay, ExtORPort, or
ServerTransport* options, rather than ignoring the values of these
options. Closes part of ticket 32213.
o Minor features (relay):
- When the relay module is disabled, change the default config so
that DirCache is 0, and ClientOnly is 1. Closes ticket 32410.
o Minor features (release tools):
- Port our ChangeLog formatting and sorting tools to Python 3.
Closes ticket 32704.
o Minor features (testing):
- The unit tests now support a "TOR_SKIP_TESTCASES" environment
variable to specify a list of space-separated test cases that
should not be executed. We will use this to disable certain tests
that are failing on Appveyor because of mismatched OpenSSL
libraries. Part of ticket 33643.
- Detect some common failure cases for test_parseconf.sh in
src/test/conf_failures. Closes ticket 32451.
- Allow test_parseconf.sh to test expected log outputs for successful
configs, as well as failed configs. Closes ticket 32451.
- The test_parseconf.sh script now supports result variants for any
combination of the optional libraries lzma, nss, and zstd. Closes
ticket 32397.
o Minor features (tests, Android):
- When running the unit tests on Android, create temporary files in
a subdirectory of /data/local/tmp. Closes ticket 32172. Based on a
patch from Hans-Christoph Steiner.
o Minor features (usability):
- Include more information when failing to parse a configuration
value. This should make it easier to tell what's going wrong when
a configuration file doesn't parse. Closes ticket 33460.
o Minor bugfix (relay, configuration):
- Warn if the ContactInfo field is not set, and tell the relay
operator that not having a ContactInfo field set might cause their
relay to get rejected in the future. Fixes bug 33361; bugfix
on 0.1.1.10-alpha.
o Minor bugfixes (--disable-module-relay):
- Fix an assertion failure when Tor is built without the relay
module, and then invoked with the "User" option. Fixes bug 33668;
bugfix on 0.4.3.1-alpha.
o Minor bugfixes (--disable-module-relay,--disable-module-dirauth):
- Set some output arguments in the relay and dirauth module stubs,
to guard against future stub argument handling bugs like 33668.
Fixes bug 33674; bugfix on 0.4.3.1-alpha.
o Minor bugfixes (bridges):
- Lowercase the configured value of BridgeDistribution before adding
it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.
o Minor bugfixes (build system):
- Correctly output the enabled module in the configure summary.
Before that, the list shown was just plain wrong. Fixes bug 33646;
bugfix on 0.4.3.2-alpha.
- Revise configure options that were either missing or incorrect in
the configure summary. Fixes bug 32230; bugfix on 0.4.3.1-alpha.
- Fix "make autostyle" for out-of-tree builds. Fixes bug 32370;
bugfix on 0.4.1.2-alpha.
o Minor bugfixes (client, IPv6):
- Stop forcing all non-SocksPorts to prefer IPv6 exit connections.
Instead, prefer IPv6 connections by default, but allow users to
change their configs using the "NoPreferIPv6" port flag. Fixes bug
33608; bugfix on 0.4.3.1-alpha.
- Revert PreferIPv6 set by default on the SocksPort because it broke
the torsocks use case. Tor doesn't have a way for an application
to request the hostname to be resolved for a specific IP version,
but torsocks requires that. Up until now, IPv4 was used by default
so torsocks is expecting that, and can't handle a possible IPv6
being returned. Fixes bug 33804; bugfix on 0.4.3.1-alpha.
o Minor bugfixes (coding best practices checks):
- Allow the "practracker" script to read unicode files when using
Python 2. We made the script use unicode literals in 0.4.3.1-alpha,
but didn't change the codec for opening files. Fixes bug 33374;
bugfix on 0.4.3.1-alpha.
o Minor bugfixes (compiler compatibility):
- Avoid compiler warnings from Clang 10 related to the use of GCC-
style "/* falls through */" comments. Both Clang and GCC allow
__attribute__((fallthrough)) instead, so that's what we're using
now. Fixes bug 34078; bugfix on 0.3.1.3-alpha.
- Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix
on 0.4.0.3-alpha.
o Minor bugfixes (configuration handling):
- Make control_event_conf_changed() take in a config_line_t instead
of a smartlist of alternating key/value entries. Fixes bug 31531;
bugfix on 0.2.3.3-alpha. Patch by Neel Chauhan.
o Minor bugfixes (configuration):
- Check for multiplication overflow when parsing memory units inside
configuration. Fixes bug 30920; bugfix on 0.0.9rc1.
- When dumping the configuration, stop adding a trailing space after
the option name when there is no option value. This issue only
affects options that accept an empty value or list. (Most options
reject empty values, or delete the entire line from the dumped
options.) Fixes bug 32352; bugfix on 0.0.9pre6.
- Avoid changing the user's value of HardwareAccel as stored by
SAVECONF, when AccelName is set but HardwareAccel is not. Fixes
bug 32382; bugfix on 0.2.2.1-alpha.
- When creating a KeyDirectory with the same location as the
DataDirectory (not recommended), respect the DataDirectory's
group-readable setting if one has not been set for the
KeyDirectory. Fixes bug 27992; bugfix on 0.3.3.1-alpha.
o Minor bugfixes (continuous integration):
- Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix
on 0.3.2.2-alpha.
o Minor bugfixes (controller protocol):
- Fix a memory leak introduced by refactoring of control reply
formatting code. Fixes bug 33039; bugfix on 0.4.3.1-alpha.
- Fix a memory leak in GETINFO responses. Fixes bug 33103; bugfix
on 0.4.3.1-alpha.
- When receiving "ACTIVE" or "DORMANT" signals on the control port,
report them as SIGNAL events. Previously we would log a bug
warning. Fixes bug 33104; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (controller):
- In routerstatus_has_changed(), check all the fields that are
output over the control port. Fixes bug 20218; bugfix
on 0.1.1.11-alpha
o Minor bugfixes (correctness checks):
- Use GCC/Clang's printf-checking feature to make sure that
tor_assertf() arguments are correctly typed. Fixes bug 32765;
bugfix on 0.4.1.1-alpha.
o Minor bugfixes (developer tools):
- Allow paths starting with ./ in scripts/add_c_file.py. Fixes bug
31336; bugfix on 0.4.1.2-alpha.
o Minor bugfixes (dirauth module):
- Split the dirauth config code into a separate file in the dirauth
module. Disable this code when the dirauth module is disabled.
Closes ticket 32213.
- When the dirauth module is disabled, reject attempts to set the
AuthoritativeDir option, rather than ignoring the value of the
option. Fixes bug 32213; bugfix on 0.3.4.1-alpha.
o Minor bugfixes (embedded Tor):
- When starting Tor any time after the first time in a process,
register the thread in which it is running as the main thread.
Previously, we only did this on Windows, which could lead to bugs
like 23081 on non-Windows platforms. Fixes bug 32884; bugfix
on 0.3.3.1-alpha.
o Minor bugfixes (git scripts):
- Avoid sleeping before the last push in git-push-all.sh. Closes
ticket 32216.
- Forward all unrecognised arguments in git-push-all.sh to git push.
Closes ticket 32216.
o Minor bugfixes (hidden service v3):
- Do not rely on a "circuit established" flag for intro circuits but
instead always query the HS circuit map. This is to avoid sync
issue with that flag and the map. Fixes bug 32094; bugfix
on 0.3.2.1-alpha.
o Minor bugfixes (key portability):
- When reading PEM-encoded key data, tolerate CRLF line-endings even
if we are not running on Windows. Previously, non-Windows hosts
would reject these line-endings in certain positions, making
certain key files hard to move from one host to another. Fixes bug
33032; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (logging):
- Stop truncating IPv6 addresses and ports in channel and connection
logs. Fixes bug 33918; bugfix on 0.2.4.4-alpha.
- Fix a logic error in a log message about whether an address was
invalid. Previously, the code would never report that onion
addresses were onion addresses. Fixes bug 34131; bugfix
on 0.4.3.1-alpha.
- Flush stderr, stdout, and file logs during shutdown, if supported
by the OS. This change helps make sure that any final logs are
recorded. Fixes bug 33087; bugfix on 0.4.1.6.
- Stop closing stderr and stdout during shutdown. Closing these file
descriptors can hide sanitiser logs. Fixes bug 33087; bugfix
on 0.4.1.6.
- If we encounter a bug when flushing a buffer to a TLS connection,
only log the bug once per invocation of the Tor process.
Previously we would log with every occurrence, which could cause
us to run out of disk space. Fixes bug 33093; bugfix
on 0.3.2.2-alpha.
- When logging a bug, do not say "Future instances of this warning
will be silenced" unless we are actually going to silence them.
Previously we would say this whenever a BUG() check failed in the
code. Fixes bug 33095; bugfix on 0.4.1.1-alpha.
o Minor bugfixes (logging, crash):
- Avoid a possible crash when trying to log a (fatal) assertion
failure about mismatched magic numbers in configuration objects.
Fixes bug 32771; bugfix on 0.4.2.1-alpha.
o Minor bugfixes (onion service v2):
- Move a series of v2 onion service warnings to protocol-warning
level because they can all be triggered remotely by a malformed
request. Fixes bug 32706; bugfix on 0.1.1.14-alpha.
- When sending the INTRO cell for a v2 Onion Service, look at the
failure cache alongside timeout values to check if the intro point
is marked as failed. Previously, we only looked at the relay
timeout values. Fixes bug 25568; bugfix on 0.2.7.3-rc. Patch by
Neel Chauhan.
o Minor bugfixes (onion service v3, client authorization):
- When removing client authorization credentials using the control
port, also remove the associated descriptor, so the onion service
can no longer be contacted. Fixes bug 33148; bugfix
on 0.4.3.1-alpha.
o Minor bugfixes (onion service v3, client):
- Remove a BUG() warning that would cause a stack trace if an onion
service descriptor was freed while we were waiting for a
rendezvous circuit to complete. Fixes bug 28992; bugfix
on 0.3.2.1-alpha.
o Minor bugfixes (onion services v3):
- Relax severity of a log message that can appear naturally when
decoding onion service descriptors as a relay. Also add some
diagnostics to debug any future bugs in that area. Fixes bug
31669; bugfix on 0.3.0.1-alpha.
- Block a client-side assertion by disallowing the registration of
an x25519 client auth key that's all zeroes. Fixes bug 33545;
bugfix on 0.4.3.1-alpha. Based on patch from "cypherpunks".
- Fix an assertion failure that could result from a corrupted
ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
bugfix on 0.3.3.1-alpha. This issue is also tracked
as TROVE-2020-003.
o Minor bugfixes (onion services v3, client):
- Properly handle the client rendezvous circuit timeout. Previously
Tor would sometimes timeout a rendezvous circuit awaiting the
introduction ACK, and find itself unable to re-establish all
circuits because the rendezvous circuit timed out too early. Fixes
bug 32021; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (onion services):
- In cancel_descriptor_fetches(), use
connection_list_by_type_purpose() instead of
connection_list_by_type_state(). Fixes bug 32639; bugfix on
0.3.2.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (pluggable transports):
- When receiving a message on standard error from a pluggable
transport, log it at info level, rather than as a warning. Fixes
bug 33005; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (rust, build):
- Fix a syntax warning given by newer versions of Rust that was
creating problems for our continuous integration. Fixes bug 33212;
bugfix on 0.3.5.1-alpha.
o Minor bugfixes (scripts):
- Fix update_versions.py for out-of-tree builds. Fixes bug 32371;
bugfix on 0.4.0.1-alpha.
o Minor bugfixes (test):
- Use the same code to find the tor binary in all of our test
scripts. This change makes sure we are always using the coverage
binary when coverage is enabled. Fixes bug 32368; bugfix
on 0.2.7.3-rc.
o Minor bugfixes (testing):
- Stop ignoring "tor --dump-config" errors in test_parseconf.sh.
Fixes bug 32468; bugfix on 0.4.2.1-alpha.
- When TOR_DISABLE_PRACTRACKER is set, do not apply it to the
test_practracker.sh script. Doing so caused a test failure. Fixes
bug 32705; bugfix on 0.4.2.1-alpha.
- When TOR_DISABLE_PRACTRACKER is set, log a notice to stderr when
skipping practracker checks. Fixes bug 32705; bugfix
on 0.4.2.1-alpha.
o Minor bugfixes (tests):
- Our option-validation tests no longer depend on specially
configured non-default, non-passing sets of options. Previously,
the tests had been written to assume that options would _not_ be
set to their defaults, which led to needless complexity and
verbosity. Fixes bug 32175; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (TLS bug handling):
- When encountering a bug in buf_read_from_tls(), return a "MISC"
error code rather than "WANTWRITE". This change might help avoid
some CPU-wasting loops if the bug is ever triggered. Bug reported
by opara. Fixes bug 32673; bugfix on 0.3.0.4-alpha.
o Minor bugfixes (windows service):
- Initialize the publish/subscribe system when running as a windows
service. Fixes bug 32778; bugfix on 0.4.1.1-alpha.
o Code simplification and refactoring:
- Disable our coding standards best practices tracker in our git
hooks. (0.4.3 branches only.) Closes ticket 33678.
o Deprecated features:
- Deprecate the ClientAutoIPv6ORPort option. This option was not
true "Happy Eyeballs", and often failed on connections that
weren't reliably dual-stack. Closes ticket 32942. Patch by
Neel Chauhan.
o Documentation:
- Provide a quickstart guide for a Circuit Padding Framework, and
documentation for researchers to implement and study circuit
padding machines. Closes ticket 28804.
- Add documentation in 'HelpfulTools.md' to describe how to build a
tag file. Closes ticket 32779.
- Create a high-level description of the long-term software
architecture goals. Closes ticket 32206.
- Describe the --dump-config command in the manual page. Closes
ticket 32467.
- Unite coding advice from this_not_that.md in torguts repo into our
coding standards document. Resolves ticket 31853.
o Removed features:
- Our Doxygen configuration no longer generates LaTeX output. The
reference manual produced by doing this was over 4000 pages long,
and generally unusable. Closes ticket 32099.
- The option "TestingEstimatedDescriptorPropagationTime" is now
marked as obsolete. It has had no effect since 0.3.0.7, when
clients stopped rejecting consensuses "from the future". Closes
ticket 32807.
- We no longer support consensus methods before method 28; these
methods were only used by authorities running versions of Tor that
are now at end-of-life. In effect, this means that clients,
relays, and authorities now assume that authorities will be
running version 0.3.5.x or later. Closes ticket 32695.
o Testing:
- Avoid conflicts between the fake sockets in tor's unit tests, and
real file descriptors. Resolves issues running unit tests with
GitHub Actions, where the process that embeds or launches the
tests has already opened a large number of file descriptors. Fixes
bug 33782; bugfix on 0.2.8.1-alpha. Found and fixed by
Putta Khunchalee.
- Add more test cases for tor's UTF-8 validation function. Also,
check the arguments passed to the function for consistency. Closes
ticket 32845.
- Improve test coverage for relay and dirauth config code, focusing
on option validation and normalization. Closes ticket 32213.
- Improve the consistency of test_parseconf.sh output, and run all
the tests, even if one fails. Closes ticket 32213.
- Re-enable the Travis CI macOS Chutney build, but don't let it
prevent the Travis job from finishing. (The Travis macOS jobs are
slow, so we don't want to have it delay the whole CI process.)
Closes ticket 32629.
- Run the practracker unit tests in the pre-commit git hook. Closes
ticket 32609.
- Turn off Tor's Sandbox in Chutney jobs, and run those jobs on
Ubuntu Bionic. Turning off the Sandbox is a work-around, until we
fix the sandbox errors in 32722. Closes ticket 32240.
o Code simplification and refactoring (channel):
- Channel layer had a variable length cell handler that was not used
and thus removed. Closes ticket 32892.
o Code simplification and refactoring (configuration):
- Immutability is now implemented as a flag on individual
configuration options rather than as part of the option-transition
checking code. Closes ticket 32344.
- Instead of keeping a list of configuration options to check for
relative paths, check all the options whose type is "FILENAME".
Solves part of ticket 32339.
- Our default log (which ordinarily sends NOTICE-level messages to
standard output) is now handled in a more logical manner.
Previously, we replaced the configured log options if they were
empty. Now, we interpret an empty set of log options as meaning
"use the default log". Closes ticket 31999.
- Remove some unused arguments from the options_validate() function,
to simplify our code and tests. Closes ticket 32187.
- Simplify the options_validate() code so that it looks at the
default options directly, rather than taking default options as an
argument. This change lets us simplify its interface. Closes
ticket 32185.
- Use our new configuration architecture to move most authority-
related options to the directory authority module. Closes
ticket 32806.
- When parsing the command line, handle options that determine our
"quiet level" and our mode of operation (e.g., --dump-config and
so on) all in one table. Closes ticket 32003.
o Code simplification and refactoring (controller):
- Create a new abstraction for formatting control protocol reply
lines based on key-value pairs. Refactor some existing control
protocol code to take advantage of this. Closes ticket 30984.
- Create a helper function that can fetch network status or
microdesc consensuses. Closes ticket 31684.
o Code simplification and refactoring (dirauth modularization):
- Remove the last remaining HAVE_MODULE_DIRAUTH inside a function.
Closes ticket 32163.
- Replace some confusing identifiers in process_descs.c. Closes
ticket 29826.
- Simplify some relay and dirauth config code. Closes ticket 32213.
o Code simplification and refactoring (mainloop):
- Simplify the ip_address_changed() function by removing redundant
checks. Closes ticket 33091.
o Code simplification and refactoring (misc):
- Make all the structs we declare follow the same naming convention
of ending with "_t". Closes ticket 32415.
- Move and rename some configuration-related code for clarity.
Closes ticket 32304.
- Our include.am files are now broken up by subdirectory.
Previously, src/core/include.am covered all of the subdirectories
in "core", "feature", and "app". Closes ticket 32137.
- Remove underused NS*() macros from test code: they make our tests
more confusing, especially for code-formatting tools. Closes
ticket 32887.
o Code simplification and refactoring (relay modularization):
- Disable relay_periodic when the relay module is disabled. Closes
ticket 32244.
- Disable relay_sys when the relay module is disabled. Closes
ticket 32245.
o Code simplification and refactoring (tool support):
- Add numerous missing dependencies to our include files, so that
they can be included in different reasonable orders and still
compile. Addresses part of ticket 32764.
- Fix some parts of our code that were difficult for Coccinelle to
parse. Related to ticket 31705.
- Fix some small issues in our code that prevented automatic
formatting tools from working. Addresses part of ticket 32764.
o Documentation (manpage):
- Alphabetize the Server and Directory server sections of the tor
manpage. Also split Statistics options into their own section of
the manpage. Closes ticket 33188. Work by Swati Thacker as part of
Google Season of Docs.
- Document the __OwningControllerProcess torrc option and specify
its polling interval. Resolves issue 32971.
- Split "Circuit Timeout" options and "Node Selection" options into
their own sections of the tor manpage. Closes tickets 32928 and
32929. Work by Swati Thacker as part of Google Season of Docs.
- Alphabetize the Client Options section of the tor manpage. Closes
ticket 32846.
- Alphabetize the General Options section of the tor manpage. Closes
ticket 32708.
- In the tor(1) manpage, reword and improve formatting of the
COMMAND-LINE OPTIONS and DESCRIPTION sections. Closes ticket
32277. Based on work by Swati Thacker as part of Google Season
of Docs.
- In the tor(1) manpage, reword and improve formatting of the FILES,
SEE ALSO, and BUGS sections. Closes ticket 32176. Based on work by
Swati Thacker as part of Google Season of Docs.
o Testing (CI):
- In our Appveyor Windows CI, copy required DLLs to test and app
directories, before running tor's tests. This ensures that tor.exe
and test*.exe use the correct version of each DLL. This fix is not
required, but we hope it will avoid DLL search issues in future.
Fixes bug 33673; bugfix on 0.3.4.2-alpha.
- On Appveyor, skip the crypto/openssl_version test, which is
failing because of a mismatched library installation. Fix
for 33643.
o Testing (circuit, EWMA):
- Add unit tests for circuitmux and EWMA subsystems. Closes
ticket 32196.
o Testing (continuous integration):
- Use zstd in our Travis Linux builds. Closes ticket 32242.
o Testing (Travis CI):
- Remove a redundant distcheck job. Closes ticket 33194.
- Sort the Travis jobs in order of speed: putting the slowest jobs
first takes full advantage of Travis job concurrency. Closes
ticket 33194.
- Stop allowing the Chutney IPv6 Travis job to fail. This job was
previously configured to fast_finish (which requires
allow_failure), to speed up the build. Closes ticket 33195.
- When a Travis chutney job fails, use chutney's new "diagnostics.sh"
tool to produce detailed diagnostic output. Closes ticket 32792.
Changes in version 0.4.2.6 - 2020-01-30
This is the second stable release in the 0.4.2.x series. It backports