Begin work on a changelog

ChangeLog

@@ -1,3 +1,154 @@
+Changes in version 0.3.3.2-alpha - 2018-02-09
+  Blurb here.
+
+  o Major features (denial-of-service mitigation):
+    - Give relays some defenses against the recent network overload. We
+      start with three defenses (default parameters in parentheses).
+      First: if a single client address makes too many concurrent
+      connections (>100), hang up on further connections. Second: if a
+      single client address makes circuits too quickly (more than 3 per
+      second, with an allowed burst of 90) while also having too many
+      connections open (3), refuse new create cells for the next while
+      (1-2 hours). Third: if a client asks to establish a rendezvous
+      point to you directly, ignore the request. These defenses can be
+      manually controlled by new torrc options, but relays will also
+      take guidance from consensus parameters, so there's no need to
+      configure anything manually. Implements ticket 24902.
+
+  o Major bugfixes (netflow padding):
+    - Stop adding unneeded channel padding right after we finish
+      flushing to a connection that has been trying to flush for many
+      seconds. Instead, treat all partial or complete flushes as
+      activity on the channel, which will defer the time until we need
+      to add padding. This fix should resolve confusing and scary log
+      messages like "Channel padding timeout scheduled 221453ms in the
+      past." Fixes bug 22212; bugfix on 0.3.1.1-alpha.
+
+  o Major bugfixes (protocol versions):
+    - Add Link protocol version 5 to the supported protocols list. Fixes
+      bug 25070; bugfix on 0.3.1.1-alpha.
+
+  o Major bugfixes (scheduler, consensus):
+    - A logic in the code was preventing the scheduler subystem to
+      properly make a decision based on the latest consensus when it
+      arrives. This lead to the scheduler failing to notice any
+      consensus parameters that might have changed between consensuses.
+      Fixes bug 24975; bugfix on 0.3.2.1-alpha.
+
+  o Minor features (denial-of-service avoidance):
+    - Make our OOM handler aware of the geoip client history cache so it
+      doesn't fill up the memory which is especially important for IPv6
+      and our DoS mitigation subsystem. Closes ticket 25122.
+
+  o Minor features (directory authority):
+    - When unable to add signatures to a pending consensus, log the
+      reason why. Closes ticket 24849.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (logging, diagnostic):
+    - When logging a failure to check a onion service's certificate,
+      also log what the problem with the certificate was. Diagnostic for
+      ticket 24972.
+
+  o Minor bugfix (channel connection):
+    - The accurate address of a connection is real_addr, not the addr
+      member. TLS Channel remote address is now real_addr content
+      instead of addr member. Fixes bug 24952; bugfix on 707c1e2e26 in
+      0.2.4.11-alpha. Patch by "ffmancera".
+
+  o Minor bugfix (directory authority, documentation):
+    - When a fingerprint or network address is marked as rejected, the
+      returned message by the authority now explicitly mention to set a
+      valid ContactInfo address and contact the bad-relays@ mailing
+      list. Fixes bug 25170; bugfix on 0.2.9.1.
+
+  o Minor bugfixes (all versions of Tor):
+    - Use the "misspell" tool to detect and fix typos throughout the
+      source code. Fixes bug 23650; bugfix on various versions of Tor.
+      Patch from Deepesh Pathak.
+
+  o Minor bugfixes (circuit, cannibalization):
+    - Don't cannibalize circuits for which we don't know the first hop
+      which can happen if our Guard relay went off the consensus after
+      the circuit was created preemptively. Fixes bug 24469; bugfix
+      on 0.0.6.
+
+  o Minor bugfixes (correctness):
+    - Remove a nonworking, unnecessary check to see whether a circuit
+      hop's identity was set when the circuit failed. Fixes bug 24927;
+      bugfix on 0.2.4.4-alpha.
+
+  o Minor bugfixes (onion services):
+    - Remove a BUG() statement which can be triggered in normal
+      circumstances where a client fetches a descriptor that has a lower
+      revision counter than the one in its cache. This can happen due to
+      HSDir desync. Fixes bug 24976; bugfix on 0.3.2.1-alpha.
+    - Don't log in the heartbeat any long term established one hop
+      rendezvous points if tor is a single onion service. Fixes bug
+      25116; bugfix on 0.2.9.6-rc;
+
+  o Minor bugfixes (logging):
+    - Don't treat inability to store a cached consensus object as a bug:
+      it can happen normally when we are out of disk space. Fixes bug
+      24859; bugfix on 0.3.1.1-alpha.
+    - Fix a (mostly harmless) race condition when invoking
+      LOG_PROTOCOL_WARN message from a subthread while the options are
+      changing. Fixes bug 23954; bugfix on 0.1.1.9-alpha.
+
+  o Minor bugfixes (performance):
+    - Avoid calling protocol_list_supports_protocol() from inside tight
+      loops when running with cached routerinfo_t objects. Instead,
+      summarize the relevant protocols as flags in the routerinfo_t, as
+      we do for routerstatus_t objects. This change simplifies our code
+      a little, and saves a large amount of short-term memory allocation
+      operations. Fixes bug 25008; bugfix on 0.2.9.4-alpha.
+
+  o Minor bugfixes (Rust FFI):
+    - Fix a minor memory leak which would happen whenever the C code
+      would call the Rust implementation of
+      protover_get_supported_protocols(). This was due to the C version
+      returning a static string, whereas the Rust version newly allocated
+      a CString to pass accross the FFI boundary. Consequently, the C
+      code was not expecting to need to free() what it was given. Fixes
+      bug 25127; bugfix on 0.3.2.1-alpha.
+
+  o Minor bugfixes (scheduler, KIST):
+    - Avoid adding the same channel twice in the KIST scheduler pending
+      list wasting CPU cycles at handling the same channel twice. Fixes
+      bug 24700; bugfix on 0.3.2.1-alpha.
+
+  o Minor bugfixes (unit test, monotonic time):
+    - Bump a gap of 1msec to 10msec used in the monotonic time test that
+      makes sure the nsec/usec/msec time read are synchronized. This
+      change was needed to accommodate slow system like armel or when
+      the clock_gettime() is not a VDSO on the running kernel. Fixes bug
+      25113; bugfix on 0.2.9.1.
+
+  o Minor bugfixes (v3 onion services):
+    - Look at the "HSRend" protocol version, not the "HSDir" protocol
+      version, when deciding whether a consensus entry can support the
+      v3 onion service protocol as a rendezvous point. Fixes bug 25105;
+      bugfix on 0.3.2.1-alpha.
+
+  o Code simplification and refactoring:
+    - Remove the unused nodelist_recompute_all_hsdir_indices(). Closes
+      ticket 25108.
+
+  o Documentation:
+    - HiddenServiceVersion only accepts one version to be specified.
+      This version can either be version 2 or 3. Closes ticket 25026;
+      bugfix on 0.3.2.2-alpha.
+
+  o Code simplification and refactoring (rephist):
+    - Remove a series of counters used to track circuit extend attemps
+      and connection status but that in reality we aren't using for
+      anything other than stats logged by a SIGUSR1 signal. Closes
+      ticket 25163.
+
+
 Changes in version 0.3.3.1-alpha - 2018-01-25
   Tor 0.3.3.1-alpha is the first release in the 0.3.3.x series. It adds
   several new features to Tor, including several improvements to

changes/bug22212-forreal

@@ -1,8 +0,0 @@
-  o Major bugfixes (netflow padding):
-    - Stop adding unneeded channel padding right after we finish flushing
-      to a connection that has been trying to flush for many seconds.
-      Instead, treat all partial or complete flushes as activity on the
-      channel, which will defer the time until we need to add padding.
-      This fix should resolve confusing and scary log messages like
-      "Channel padding timeout scheduled 221453ms in the past." Fixes
-      bug 22212; bugfix on 0.3.1.1-alpha.

changes/bug23954

@@ -1,4 +0,0 @@
-  o Minor bugfixes (logging, race conditions):
-    - Fix a (mostly harmless) race condition when invoking
-      LOG_PROTOCOL_WARN message from a subthread while the options are
-      changing. Fixes bug 23954; bugfix on 0.1.1.9-alpha.

changes/bug24469

@@ -1,4 +0,0 @@
-  o Minor bugfixes (circuit, cannibalization):
-    - Don't cannibalize circuits for which we don't know the first hop which
-      can happen if our Guard relay went off the consensus after the circuit
-      was created preemptively. Fixes bug 24469; bugfix on 0.0.6.

changes/bug24700

@@ -1,4 +0,0 @@
-  o Minor bugfixes (scheduler, KIST):
-    - Avoid adding the same channel twice in the KIST scheduler pending list
-      wasting CPU cycles at handling the same channel twice. Fixes bug 24700;
-      bugfix on 0.3.2.1-alpha.

changes/bug24859

@@ -1,4 +0,0 @@
-  o Minor bugfixes (logging):
-    - Don't treat inability to store a cached consensus object as a
-      bug: it can happen normally when we are out of disk space.
-      Fixes bug 24859; bugfix on 0.3.1.1-alpha.

changes/bug24927

@@ -1,4 +0,0 @@
-  o Minor bugfixes (correctness):
-    - Remove nonworking, unnecessary check to see whether a circuit hop's
-      identity was set when the circuit failed. Fixes bug 24927; bugfix on
-      0.2.4.4-alpha.

changes/bug24952

@@ -1,5 +0,0 @@
-  o Minor bugfix (channel connection):
-    - The accurate address of a connection is real_addr, not the addr member.
-      TLS Channel remote address is now real_addr content instead of addr
-      member. Fixes bug 24952; bugfix on 707c1e2e26 in 0.2.4.11-alpha.
-      Patch by "ffmancera".

changes/bug24972

@@ -1,4 +0,0 @@
-  o Minor features (logging, diagnostic):
-    - When logging a failure to check a hidden service's certificate,
-      also log what the problem with the certificate was. Diagnostic
-      for ticket 24972.

changes/bug24975

@@ -1,6 +0,0 @@
-  o Major bugfixes (scheduler, consensus):
-    - A logic in the code was preventing the scheduler subystem to properly
-      make a decision based on the latest consensus when it arrives. This lead
-      to the scheduler failing to notice any consensus parameters that might
-      have changed between consensuses. Fixes bug 24975; bugfix on
-      0.3.2.1-alpha.

changes/bug24976

@@ -1,5 +0,0 @@
-  o Minor bugfixes (hidden service v3 client):
-    - Remove a BUG() statement which can be triggered in normal circumstances
-      where a client fetches a descriptor that has a lower revision counter
-      than the one in its cache. This can happen due to HSDir desync. Fixes
-      bug 24976; bugfix on 0.3.2.1-alpha.

changes/bug25008

@@ -1,9 +0,0 @@
-  o Minor bugfixes (performance):
-    - Avoid calling protocol_list_supports_protocol() from inside tight loops
-      when running with cached routerinfo_t objects.  Instead,
-      summarize the relevant protocols as flags in the routerinfo_t, as we do
-      for routerstatus_t objects.  This change simplifies our code a little,
-      and saves a large amount of short-term memory allocation operations.
-      Fixes bug 25008; bugfix on 0.2.9.4-alpha.
-
-

changes/bug25026

@@ -1,4 +0,0 @@
-  o Documentation:
-    - HiddenServiceVersion only accepts one version to be specified. This
-      version can either be version 2 or 3.  Closes ticket 25026; bugfix on
-      0.3.2.2-alpha.

changes/bug25070

@@ -1,3 +0,0 @@
-  o Major bugfixes (protocol versions):
-    - Add Link protocol version 5 to the supported protocols list.
-      Fixes bug 25070; bugfix on 0.3.1.1-alpha.

changes/bug25105

@@ -1,5 +0,0 @@
-  o Minor bugfixes (v3 onion services):
-    - Look at the "HSRend" protocol version, not the "HSDir" protocol
-      version, when deciding whether a consensus entry can support
-      the v3 onion service protocol as a rendezvous point.
-      Fixes bug 25105; bugfix on 0.3.2.1-alpha.

changes/bug25113

@@ -1,5 +0,0 @@
-  o Minor bugfixes (unit test, monotonic time):
-    - Bump a gap of 1msec to 10msec used in the monotonic time test that makes
-      sure the nsec/usec/msec time read are synchronized. This change was
-      needed to accommodate slow system like armel or when the clock_gettime()
-      is not a VDSO on the running kernel. Fixes bug 25113; bugfix on 0.2.9.1.

changes/bug25116

@@ -1,4 +0,0 @@
-  o Minor bugfixes (hidden service, heartbeat):
-    - Don't log in the heartbeat any long term established one hop rendezvous
-      points if tor is a single onion service. Fixes bug 25116; bugfix on
-      0.2.9.6-rc;

changes/bug25127

@@ -1,7 +0,0 @@
-  o Minor bugfixes (Rust FFI):
-    - Fix a minor memory leak which would happen whenever the C code would call
-      the Rust implementation of protover_get_supported_protocols().  This was
-      due to the C version returning a static string, whereas the Rust version
-      newly allocated a CString to pass accross the FFI boundary.  Consequently,
-      the C code was not expecting to need to free() what it was given.  Fixes
-      bug 25127; bugfix on 0.3.2.1-alpha.

changes/geoip-2018-02-07

@@ -1,4 +0,0 @@
-  o Minor features (geoip):
-    - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
-      Country database.
-

changes/ticket23650

@@ -1,4 +0,0 @@
-  o Minor bugfixes (all versions of Tor):
-    - Use the "misspell" tool to detect and fix typos throughout the source
-      code. Fixes bug 23650; bugfix on various versions of Tor. Patch
-      from Deepesh Pathak.

changes/ticket24849

@@ -1,3 +0,0 @@
-  o Minor features (directory authority):
-    - When unable to add signatures to a pending consensus, log the reason
-      why. Closes ticket 24849.

changes/ticket24902

@@ -1,13 +0,0 @@
-  o Major features (denial of service mitigation):
-    - Give relays some defenses against the recent network overload. We start
-      with three defenses (default parameters in parentheses). First: if a
-      single client address makes too many concurrent connections (>100), hang
-      up on further connections. Second: if a single client address makes
-      circuits too quickly (more than 3 per second, with an allowed burst of
-      90) while also having too many connections open (3), refuse new create
-      cells for the next while (1-2 hours). Third: if a client asks to
-      establish a rendezvous point to you directly, ignore the request. These
-      defenses can be manually controlled by new torrc options, but relays
-      will also take guidance from consensus parameters, so there's no need to
-      configure anything manually. Implements ticket 24902.
-

changes/ticket25108

@@ -1,3 +0,0 @@
-  o Code simplification and refactoring:
-    - Remove the unused nodelist_recompute_all_hsdir_indices(). Closes ticket
-      25108.

changes/ticket25122

@@ -1,4 +0,0 @@
-  o Minor feature (geoip cache):
-    - Make our OOM handler aware of the geoip client history cache so it
-      doesn't fill up the memory which is especially important for IPv6 and
-      our DoS mitigation subsystem. Closes ticket 25122.

changes/ticket25163

@@ -1,4 +0,0 @@
-  o Code simplification and refactoring (rephist):
-    - Remove a series of counters used to track circuit extend attemps and
-      connection status but that in reality we aren't using for anything other
-      than stats logged by a SIGUSR1 signal. Closes ticket 25163.

changes/ticket25170

@@ -1,5 +0,0 @@
-  o Minor bugfix (directory authority, documentation):
-    - When a fingerprint or network address is marked as rejected, the
-      returned message by the authority now explicitly mention to set a valid
-      ContactInfo address and contact the bad-relays@ mailing list. Fixes bug
-      25170; bugfix on 0.2.9.1.