ChangeLog 1.74 MB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
Changes in version 0.4.3.4-rc - 2020-04-13
  Tor 0.4.3.4-rc is the first release candidate in its series. It fixes
  several bugs from earlier versions, including one affecting DoS
  defenses on bridges using pluggable transports.

  o Major bugfixes (DoS defenses, bridges, pluggable transport):
    - Fix a bug that was preventing DoS defenses from running on bridges
      with a pluggable transport. Previously, the DoS subsystem was not
      given the transport name of the client connection, thus failed to
      find the GeoIP cache entry for that client address. Fixes bug
      33491; bugfix on 0.3.3.2-alpha.

  o Minor feature (sendme, flow control):
    - Default to sending SENDME version 1 cells. (Clients are already
      sending these, because of a consensus parameter telling them to do
      so: this change only affects what clients would do if the
      consensus didn't contain a recommendation.) Closes ticket 33623.

  o Minor features (testing):
    - The unit tests now support a "TOR_SKIP_TESTCASES" environment
      variable to specify a list of space-separated test cases that
      should not be executed. We will use this to disable certain tests
      that are failing on Appveyor because of mismatched OpenSSL
      libraries. Part of ticket 33643.

  o Minor bugfixes (--disable-module-relay):
    - Fix an assertion failure when Tor is built without the relay
      module, and then invoked with the "User" option. Fixes bug 33668;
      bugfix on 0.4.3.1-alpha.

  o Minor bugfixes (--disable-module-relay,--disable-module-dirauth):
    - Set some output arguments in the relay and dirauth module stubs,
      to guard against future stub argument handling bugs like 33668.
      Fixes bug 33674; bugfix on 0.4.3.1-alpha.

  o Minor bugfixes (build system):
    - Correctly output the enabled module in the configure summary.
      Before that, the list shown was just plain wrong. Fixes bug 33646;
      bugfix on 0.4.3.2-alpha.

  o Minor bugfixes (client, IPv6):
    - Stop forcing all non-SocksPorts to prefer IPv6 exit connections.
      Instead, prefer IPv6 connections by default, but allow users to
      change their configs using the "NoPreferIPv6" port flag. Fixes bug
      33608; bugfix on 0.4.3.1-alpha.
    - Revert PreferIPv6 set by default on the SocksPort because it broke
      the torsocks use case. Tor doesn't have a way for an application
      to request the hostname to be resolved for a specific IP version,
      but torsocks requires that. Up until now, IPv4 was used by default
      so torsocks is expecting that, and can't handle a possible IPv6
      being returned. Fixes bug 33804; bugfix on 0.4.3.1-alpha.

  o Minor bugfixes (key portability):
    - When reading PEM-encoded key data, tolerate CRLF line-endings even
      if we are not running on Windows. Previously, non-Windows hosts
      would reject these line-endings in certain positions, making
      certain key files hard to move from one host to another. Fixes bug
      33032; bugfix on 0.3.5.1-alpha.

  o Minor bugfixes (logging):
    - Flush stderr, stdout, and file logs during shutdown, if supported
      by the OS. This change helps make sure that any final logs are
      recorded. Fixes bug 33087; bugfix on 0.4.1.6.
    - Stop closing stderr and stdout during shutdown. Closing these file
      descriptors can hide sanitiser logs. Fixes bug 33087; bugfix
      on 0.4.1.6.

  o Minor bugfixes (onion services v3):
    - Relax severity of a log message that can appear naturally when
      decoding onion service descriptors as a relay. Also add some
      diagnostics to debug any future bugs in that area. Fixes bug
      31669; bugfix on 0.3.0.1-alpha.
    - Block a client-side assertion by disallowing the registration of
      an x25519 client auth key that's all zeroes. Fixes bug 33545;
      bugfix on 0.4.3.1-alpha. Based on patch from "cypherpunks".

  o Code simplification and refactoring:
    - Disable our coding standards best practices tracker in our git
      hooks. (0.4.3 branches only.) Closes ticket 33678.

  o Testing:
    - Avoid conflicts between the fake sockets in tor's unit tests, and
      real file descriptors. Resolves issues running unit tests with
      GitHub Actions, where the process that embeds or launches the
      tests has already opened a large number of file descriptors. Fixes
      bug 33782; bugfix on 0.2.8.1-alpha. Found and fixed by
      Putta Khunchalee.

  o Testing (CI):
    - In our Appveyor Windows CI, copy required DLLs to test and app
      directories, before running tor's tests. This ensures that tor.exe
      and test*.exe use the correct version of each DLL. This fix is not
      required, but we hope it will avoid DLL search issues in future.
      Fixes bug 33673; bugfix on 0.3.4.2-alpha.
    - On Appveyor, skip the crypto/openssl_version test, which is
      failing because of a mismatched library installation. Fix
      for 33643.


100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
Changes in version 0.4.3.3-alpha - 2020-03-18
  Tor 0.4.3.3-alpha fixes several bugs in previous releases, including
  TROVE-2020-002, a major denial-of-service vulnerability that affected
  all released Tor instances since 0.2.1.5-alpha. Using this
  vulnerability, an attacker could cause Tor instances to consume a huge
  amount of CPU, disrupting their operations for several seconds or
  minutes. This attack could be launched by anybody against a relay, or
  by a directory cache against any client that had connected to it. The
  attacker could launch this attack as much as they wanted, thereby
  disrupting service or creating patterns that could aid in traffic
  analysis. This issue was found by OSS-Fuzz, and is also tracked
  as CVE-2020-10592.

  We do not have reason to believe that this attack is currently being
  exploited in the wild, but nonetheless we advise everyone to upgrade
  as soon as packages are available.

  o Major bugfixes (security, denial-of-service):
    - Fix a denial-of-service bug that could be used by anyone to
      consume a bunch of CPU on any Tor relay or authority, or by
      directories to consume a bunch of CPU on clients or hidden
      services. Because of the potential for CPU consumption to
      introduce observable timing patterns, we are treating this as a
      high-severity security issue. Fixes bug 33119; bugfix on
      0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
      as TROVE-2020-002 and CVE-2020-10592.

  o Major bugfixes (circuit padding, memory leak):
    - Avoid a remotely triggered memory leak in the case that a circuit
      padding machine is somehow negotiated twice on the same circuit.
      Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
      This is also tracked as TROVE-2020-004 and CVE-2020-10593.

  o Major bugfixes (directory authority):
    - Directory authorities will now send a 503 (not enough bandwidth)
      code to clients when under bandwidth pressure. Known relays and
      other authorities will always be answered regardless of the
      bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.

  o Minor features (diagnostic):
    - Improve assertions and add some memory-poisoning code to try to
      track down possible causes of a rare crash (32564) in the EWMA
      code. Closes ticket 33290.

  o Minor features (directory authorities):
    - Directory authorities now reject descriptors from relays running
      Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is
      still allowed. Resolves ticket 32672. Patch by Neel Chauhan.

  o Minor features (usability):
    - Include more information when failing to parse a configuration
      value. This should make it easier to tell what's going wrong when
      a configuration file doesn't parse. Closes ticket 33460.

  o Minor bugfix (relay, configuration):
    - Warn if the ContactInfo field is not set, and tell the relay
      operator that not having a ContactInfo field set might cause their
      relay to get rejected in the future. Fixes bug 33361; bugfix
      on 0.1.1.10-alpha.

  o Minor bugfixes (coding best practices checks):
    - Allow the "practracker" script to read unicode files when using
      Python 2. We made the script use unicode literals in 0.4.3.1-alpha,
      but didn't change the codec for opening files. Fixes bug 33374;
      bugfix on 0.4.3.1-alpha.

  o Minor bugfixes (continuous integration):
    - Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix
      on 0.3.2.2-alpha.

  o Minor bugfixes (onion service v3, client):
    - Remove a BUG() warning that would cause a stack trace if an onion
      service descriptor was freed while we were waiting for a
      rendezvous circuit to complete. Fixes bug 28992; bugfix
      on 0.3.2.1-alpha.

  o Minor bugfixes (onion services v3):
    - Fix an assertion failure that could result from a corrupted
      ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
      bugfix on 0.3.3.1-alpha. This issue is also tracked
      as TROVE-2020-003.

  o Documentation (manpage):
    - Alphabetize the Server and Directory server sections of the tor
      manpage. Also split Statistics options into their own section of
      the manpage. Closes ticket 33188. Work by Swati Thacker as part of
      Google Season of Docs.
    - Document the __OwningControllerProcess torrc option and specify
      its polling interval. Resolves issue 32971.

  o Testing (Travis CI):
    - Remove a redundant distcheck job. Closes ticket 33194.
    - Sort the Travis jobs in order of speed: putting the slowest jobs
      first takes full advantage of Travis job concurrency. Closes
      ticket 33194.
    - Stop allowing the Chutney IPv6 Travis job to fail. This job was
      previously configured to fast_finish (which requires
      allow_failure), to speed up the build. Closes ticket 33195.
    - When a Travis chutney job fails, use chutney's new "diagnostics.sh"
      tool to produce detailed diagnostic output. Closes ticket 32792.


Changes in version 0.4.2.7 - 2020-03-18
  This is the third stable release in the 0.4.2.x series. It backports
  numerous fixes from later releases, including a fix for TROVE-2020-
  002, a major denial-of-service vulnerability that affected all
  released Tor instances since 0.2.1.5-alpha. Using this vulnerability,
  an attacker could cause Tor instances to consume a huge amount of CPU,
  disrupting their operations for several seconds or minutes. This
  attack could be launched by anybody against a relay, or by a directory
  cache against any client that had connected to it. The attacker could
  launch this attack as much as they wanted, thereby disrupting service
  or creating patterns that could aid in traffic analysis. This issue
  was found by OSS-Fuzz, and is also tracked as CVE-2020-10592.

  We do not have reason to believe that this attack is currently being
  exploited in the wild, but nonetheless we advise everyone to upgrade
  as soon as packages are available.

  o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha):
    - Fix a denial-of-service bug that could be used by anyone to
      consume a bunch of CPU on any Tor relay or authority, or by
      directories to consume a bunch of CPU on clients or hidden
      services. Because of the potential for CPU consumption to
      introduce observable timing patterns, we are treating this as a
      high-severity security issue. Fixes bug 33119; bugfix on
      0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
      as TROVE-2020-002 and CVE-2020-10592.

  o Major bugfixes (circuit padding, memory leak, backport from 0.4.3.3-alpha):
    - Avoid a remotely triggered memory leak in the case that a circuit
      padding machine is somehow negotiated twice on the same circuit.
      Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
      This is also tracked as TROVE-2020-004 and CVE-2020-10593.

  o Major bugfixes (directory authority, backport from 0.4.3.3-alpha):
    - Directory authorities will now send a 503 (not enough bandwidth)
      code to clients when under bandwidth pressure. Known relays and
      other authorities will always be answered regardless of the
      bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.

  o Minor features (continuous integration, backport from 0.4.3.2-alpha):
    - Stop allowing failures on the Travis CI stem tests job. It looks
      like all the stem hangs we were seeing before are now fixed.
      Closes ticket 33075.

  o Minor bugfixes (bridges, backport from 0.4.3.1-alpha):
    - Lowercase the configured value of BridgeDistribution before adding
      it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.

  o Minor bugfixes (logging, backport from 0.4.3.2-alpha):
    - If we encounter a bug when flushing a buffer to a TLS connection,
      only log the bug once per invocation of the Tor process.
      Previously we would log with every occurrence, which could cause
      us to run out of disk space. Fixes bug 33093; bugfix
      on 0.3.2.2-alpha.

  o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha):
    - Fix an assertion failure that could result from a corrupted
      ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
      bugfix on 0.3.3.1-alpha. This issue is also tracked
      as TROVE-2020-003.

  o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha):
    - Fix a syntax warning given by newer versions of Rust that was
      creating problems for our continuous integration. Fixes bug 33212;
      bugfix on 0.3.5.1-alpha.

  o Testing (Travis CI, backport from 0.4.3.3-alpha):
    - Remove a redundant distcheck job. Closes ticket 33194.
    - Sort the Travis jobs in order of speed: putting the slowest jobs
      first takes full advantage of Travis job concurrency. Closes
      ticket 33194.
    - Stop allowing the Chutney IPv6 Travis job to fail. This job was
      previously configured to fast_finish (which requires
      allow_failure), to speed up the build. Closes ticket 33195.
    - When a Travis chutney job fails, use chutney's new "diagnostics.sh"
      tool to produce detailed diagnostic output. Closes ticket 32792.


Changes in version 0.4.1.9 - 2020-03-18
  Tor 0.4.1.9 backports important fixes from later Tor releases,
  including a fix for TROVE-2020-002, a major denial-of-service
  vulnerability that affected all released Tor instances since
  0.2.1.5-alpha. Using this vulnerability, an attacker could cause Tor
  instances to consume a huge amount of CPU, disrupting their operations
  for several seconds or minutes. This attack could be launched by
  anybody against a relay, or by a directory cache against any client
  that had connected to it. The attacker could launch this attack as
  much as they wanted, thereby disrupting service or creating patterns
  that could aid in traffic analysis. This issue was found by OSS-Fuzz,
  and is also tracked as CVE-2020-10592.

  We do not have reason to believe that this attack is currently being
  exploited in the wild, but nonetheless we advise everyone to upgrade
  as soon as packages are available.

  o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha):
    - Fix a denial-of-service bug that could be used by anyone to
      consume a bunch of CPU on any Tor relay or authority, or by
      directories to consume a bunch of CPU on clients or hidden
      services. Because of the potential for CPU consumption to
      introduce observable timing patterns, we are treating this as a
      high-severity security issue. Fixes bug 33119; bugfix on
      0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
      as TROVE-2020-002 and CVE-2020-10592.

  o Major bugfixes (circuit padding, memory leak, backport from 0.4.3.3-alpha):
    - Avoid a remotely triggered memory leak in the case that a circuit
      padding machine is somehow negotiated twice on the same circuit.
      Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
      This is also tracked as TROVE-2020-004 and CVE-2020-10593.

  o Minor bugfixes (bridges, backport from 0.4.3.1-alpha):
    - Lowercase the configured value of BridgeDistribution before adding
      it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.

  o Minor bugfixes (logging, backport from 0.4.3.2-alpha):
    - If we encounter a bug when flushing a buffer to a TLS connection,
      only log the bug once per invocation of the Tor process.
      Previously we would log with every occurrence, which could cause
      us to run out of disk space. Fixes bug 33093; bugfix
      on 0.3.2.2-alpha.

  o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha):
    - Fix an assertion failure that could result from a corrupted
      ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
      bugfix on 0.3.3.1-alpha. This issue is also tracked
      as TROVE-2020-003.

  o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha):
    - Fix a syntax warning given by newer versions of Rust that was
      creating problems for our continuous integration. Fixes bug 33212;
      bugfix on 0.3.5.1-alpha.

  o Testing (Travis CI, backport from 0.4.3.3-alpha):
    - Remove a redundant distcheck job. Closes ticket 33194.
    - Sort the Travis jobs in order of speed: putting the slowest jobs
      first takes full advantage of Travis job concurrency. Closes
      ticket 33194.
    - Stop allowing the Chutney IPv6 Travis job to fail. This job was
      previously configured to fast_finish (which requires
      allow_failure), to speed up the build. Closes ticket 33195.
    - When a Travis chutney job fails, use chutney's new "diagnostics.sh"
      tool to produce detailed diagnostic output. Closes ticket 32792.


Changes in version 0.3.5.10 - 2020-03-18
  Tor 0.3.5.10 backports many fixes from later Tor releases, including a
  fix for TROVE-2020-002, a major denial-of-service vulnerability that
  affected all released Tor instances since 0.2.1.5-alpha. Using this
  vulnerability, an attacker could cause Tor instances to consume a huge
  amount of CPU, disrupting their operations for several seconds or
  minutes. This attack could be launched by anybody against a relay, or
  by a directory cache against any client that had connected to it. The
  attacker could launch this attack as much as they wanted, thereby
  disrupting service or creating patterns that could aid in traffic
  analysis. This issue was found by OSS-Fuzz, and is also tracked
  as CVE-2020-10592.

  We do not have reason to believe that this attack is currently being
  exploited in the wild, but nonetheless we advise everyone to upgrade
  as soon as packages are available.

  o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha):
    - Fix a denial-of-service bug that could be used by anyone to
      consume a bunch of CPU on any Tor relay or authority, or by
      directories to consume a bunch of CPU on clients or hidden
      services. Because of the potential for CPU consumption to
      introduce observable timing patterns, we are treating this as a
      high-severity security issue. Fixes bug 33119; bugfix on
      0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
      as TROVE-2020-002 and CVE-2020-10592.

  o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha):
    - Correct how we use libseccomp. Particularly, stop assuming that
      rules are applied in a particular order or that more rules are
      processed after the first match. Neither is the case! In
      libseccomp <2.4.0 this lead to some rules having no effect.
      libseccomp 2.4.0 changed how rules are generated, leading to a
      different ordering, which in turn led to a fatal crash during
      startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by
      Peter Gerber.

  o Minor features (continuous integration, backport from 0.4.3.2-alpha):
    - Stop allowing failures on the Travis CI stem tests job. It looks
      like all the stem hangs we were seeing before are now fixed.
      Closes ticket 33075.

  o Minor bugfixes (bridges, backport from 0.4.3.1-alpha):
    - Lowercase the configured value of BridgeDistribution before adding
      it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.

  o Minor bugfixes (crash, backport from 0.4.2.4-rc):
    - When running Tor with an option like --verify-config or
      --dump-config that does not start the event loop, avoid crashing
      if we try to exit early because of an error. Fixes bug 32407;
      bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (logging, backport from 0.4.3.2-alpha):
    - If we encounter a bug when flushing a buffer to a TLS connection,
      only log the bug once per invocation of the Tor process.
      Previously we would log with every occurrence, which could cause
      us to run out of disk space. Fixes bug 33093; bugfix
      on 0.3.2.2-alpha.

  o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha):
    - Fix an assertion failure that could result from a corrupted
      ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
      bugfix on 0.3.3.1-alpha. This issue is also tracked
      as TROVE-2020-003.

  o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha):
    - Fix a syntax warning given by newer versions of Rust that was
      creating problems for our continuous integration. Fixes bug 33212;
      bugfix on 0.3.5.1-alpha.

  o Testing (backport from 0.4.3.1-alpha):
    - Re-enable the Travis CI macOS Chutney build, but don't let it
      prevent the Travis job from finishing. (The Travis macOS jobs are
      slow, so we don't want to have it delay the whole CI process.)
      Closes ticket 32629.
    - Turn off Tor's Sandbox in Chutney jobs, and run those jobs on
      Ubuntu Bionic. Turning off the Sandbox is a work-around, until we
      fix the sandbox errors in 32722. Closes ticket 32240.

  o Testing (continuous integration, backport from 0.4.3.1-alpha):
    - Use zstd in our Travis Linux builds. Closes ticket 32242.

  o Testing (Travis CI, backport from 0.4.3.3-alpha):
    - Remove a redundant distcheck job. Closes ticket 33194.
    - Sort the Travis jobs in order of speed: putting the slowest jobs
      first takes full advantage of Travis job concurrency. Closes
      ticket 33194.
    - Stop allowing the Chutney IPv6 Travis job to fail. This job was
      previously configured to fast_finish (which requires
    - When a Travis chutney job fails, use chutney's new "diagnostics.sh"
      tool to produce detailed diagnostic output. Closes ticket 32792.


440
441
442
443
444
445
Changes in version 0.4.3.2-alpha - 2020-02-10
  This is the second stable alpha release in the Tor 0.4.3.x series. It
  fixes several bugs present in the previous alpha release. Anybody
  running the previous alpha should upgrade, and look for bugs in this
  one instead.

446
447
448
449
  o Major bugfixes (onion service client, authorization):
    - On a NEWNYM signal, purge entries from the ephemeral client
      authorization cache. The permanent ones are kept. Fixes bug 33139;
      bugfix on 0.4.3.1-alpha.
450
451
452
453
454
455
456

  o Minor features (best practices tracker):
    - Practracker now supports a --regen-overbroad option to regenerate
      the exceptions file, but only to revise exceptions to be _less_
      tolerant of best-practices violations. Closes ticket 32372.

  o Minor features (continuous integration):
457
458
    - Run Doxygen Makefile target on Travis, so we can learn about
      regressions in our internal documentation. Closes ticket 32455.
459
460
461
462
463
    - Stop allowing failures on the Travis CI stem tests job. It looks
      like all the stem hangs we were seeing before are now fixed.
      Closes ticket 33075.

  o Minor bugfixes (build system):
464
465
    - Revise configure options that were either missing or incorrect in
      the configure summary. Fixes bug 32230; bugfix on 0.4.3.1-alpha.
466
467
468
469
470
471
472

  o Minor bugfixes (controller protocol):
    - Fix a memory leak introduced by refactoring of control reply
      formatting code. Fixes bug 33039; bugfix on 0.4.3.1-alpha.
    - Fix a memory leak in GETINFO responses. Fixes bug 33103; bugfix
      on 0.4.3.1-alpha.
    - When receiving "ACTIVE" or "DORMANT" signals on the control port,
473
474
      report them as SIGNAL events. Previously we would log a bug
      warning. Fixes bug 33104; bugfix on 0.4.0.1-alpha.
475
476
477
478
479
480
481
482

  o Minor bugfixes (logging):
    - If we encounter a bug when flushing a buffer to a TLS connection,
      only log the bug once per invocation of the Tor process.
      Previously we would log with every occurrence, which could cause
      us to run out of disk space. Fixes bug 33093; bugfix
      on 0.3.2.2-alpha.
    - When logging a bug, do not say "Future instances of this warning
483
      will be silenced" unless we are actually going to silence them.
484
485
486
487
      Previously we would say this whenever a BUG() check failed in the
      code. Fixes bug 33095; bugfix on 0.4.1.1-alpha.

  o Minor bugfixes (onion service v2):
488
489
490
    - Move a series of v2 onion service warnings to protocol-warning
      level because they can all be triggered remotely by a malformed
      request. Fixes bug 32706; bugfix on 0.1.1.14-alpha.
491
492
493

  o Minor bugfixes (onion service v3, client authorization):
    - When removing client authorization credentials using the control
494
      port, also remove the associated descriptor, so the onion service
495
496
      can no longer be contacted. Fixes bug 33148; bugfix
      on 0.4.3.1-alpha.
497
498

  o Minor bugfixes (pluggable transports):
499
500
501
    - When receiving a message on standard error from a pluggable
      transport, log it at info level, rather than as a warning. Fixes
      bug 33005; bugfix on 0.4.0.1-alpha.
502
503

  o Minor bugfixes (rust, build):
504
505
506
    - Fix a syntax warning given by newer versions of Rust that was
      creating problems for our continuous integration. Fixes bug 33212;
      bugfix on 0.3.5.1-alpha.
507
508

  o Minor bugfixes (TLS bug handling):
509
    - When encountering a bug in buf_read_from_tls(), return a "MISC"
510
511
512
513
514
515
516
517
518
      error code rather than "WANTWRITE". This change might help avoid
      some CPU-wasting loops if the bug is ever triggered. Bug reported
      by opara. Fixes bug 32673; bugfix on 0.3.0.4-alpha.

  o Code simplification and refactoring (mainloop):
    - Simplify the ip_address_changed() function by removing redundant
      checks. Closes ticket 33091.

  o Documentation (manpage):
519
    - Split "Circuit Timeout" options and "Node Selection" options into
520
521
522
523
      their own sections of the tor manpage. Closes tickets 32928 and
      32929. Work by Swati Thacker as part of Google Season of Docs.


524
525
526
527
528
529
530
531
532
533
534
Changes in version 0.4.2.6 - 2020-01-30
  This is the second stable release in the 0.4.2.x series. It backports
  several bugfixes from 0.4.3.1-alpha, including some that had affected
  the Linux seccomp2 sandbox or Windows services. If you're running with
  one of those configurations, you'll probably want to upgrade;
  otherwise, you should be fine with 0.4.2.5.

  o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha):
    - Correct how we use libseccomp. Particularly, stop assuming that
      rules are applied in a particular order or that more rules are
      processed after the first match. Neither is the case! In
Nick Mathewson's avatar
Nick Mathewson committed
535
      libseccomp <2.4.0 this led to some rules having no effect.
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
      libseccomp 2.4.0 changed how rules are generated, leading to a
      different ordering, which in turn led to a fatal crash during
      startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by
      Peter Gerber.
    - Fix crash when reloading logging configuration while the
      experimental sandbox is enabled. Fixes bug 32841; bugfix on
      0.4.1.7. Patch by Peter Gerber.

  o Minor bugfixes (correctness checks, backport from 0.4.3.1-alpha):
    - Use GCC/Clang's printf-checking feature to make sure that
      tor_assertf() arguments are correctly typed. Fixes bug 32765;
      bugfix on 0.4.1.1-alpha.

  o Minor bugfixes (logging, crash, backport from 0.4.3.1-alpha):
    - Avoid a possible crash when trying to log a (fatal) assertion
      failure about mismatched magic numbers in configuration objects.
      Fixes bug 32771; bugfix on 0.4.2.1-alpha.

  o Minor bugfixes (testing, backport from 0.4.3.1-alpha):
    - When TOR_DISABLE_PRACTRACKER is set, do not apply it to the
      test_practracker.sh script. Doing so caused a test failure. Fixes
      bug 32705; bugfix on 0.4.2.1-alpha.
    - When TOR_DISABLE_PRACTRACKER is set, log a notice to stderr when
      skipping practracker checks. Fixes bug 32705; bugfix
      on 0.4.2.1-alpha.

  o Minor bugfixes (windows service, backport from 0.4.3.1-alpha):
    - Initialize the publish/subscribe system when running as a windows
      service. Fixes bug 32778; bugfix on 0.4.1.1-alpha.

  o Testing (backport from 0.4.3.1-alpha):
    - Turn off Tor's Sandbox in Chutney jobs, and run those jobs on
      Ubuntu Bionic. Turning off the Sandbox is a work-around, until we
      fix the sandbox errors in 32722. Closes ticket 32240.
    - Re-enable the Travis CI macOS Chutney build, but don't let it
      prevent the Travis job from finishing. (The Travis macOS jobs are
      slow, so we don't want to have it delay the whole CI process.)
      Closes ticket 32629.

  o Testing (continuous integration, backport from 0.4.3.1-alpha):
    - Use zstd in our Travis Linux builds. Closes ticket 32242.


Changes in version 0.4.1.8 - 2020-01-30
  This release backports several bugfixes from later release series,
  including some that had affected the Linux seccomp2 sandbox or Windows
  services. If you're running with one of those configurations, you'll
  probably want to upgrade; otherwise, you should be fine with your
  current version of 0.4.1.x.

  o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha):
    - Correct how we use libseccomp. Particularly, stop assuming that
      rules are applied in a particular order or that more rules are
      processed after the first match. Neither is the case! In
Nick Mathewson's avatar
Nick Mathewson committed
590
      libseccomp <2.4.0 this led to some rules having no effect.
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
      libseccomp 2.4.0 changed how rules are generated, leading to a
      different ordering, which in turn led to a fatal crash during
      startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by
      Peter Gerber.
    - Fix crash when reloading logging configuration while the
      experimental sandbox is enabled. Fixes bug 32841; bugfix on
      0.4.1.7. Patch by Peter Gerber.

  o Minor bugfixes (crash, backport form 0.4.2.4-rc):
    - When running Tor with an option like --verify-config or
      --dump-config that does not start the event loop, avoid crashing
      if we try to exit early because of an error. Fixes bug 32407;
      bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (windows service, backport from 0.4.3.1-alpha):
    - Initialize the publish/subscribe system when running as a windows
      service. Fixes bug 32778; bugfix on 0.4.1.1-alpha.

  o Testing (backport from 0.4.3.1-alpha):
    - Turn off Tor's Sandbox in Chutney jobs, and run those jobs on
      Ubuntu Bionic. Turning off the Sandbox is a work-around, until we
      fix the sandbox errors in 32722. Closes ticket 32240.
    - Re-enable the Travis CI macOS Chutney build, but don't let it
      prevent the Travis job from finishing. (The Travis macOS jobs are
      slow, so we don't want to have it delay the whole CI process.)
      Closes ticket 32629.

  o Testing (continuous integration, backport from 0.4.3.1-alpha):
    - Use zstd in our Travis Linux builds. Closes ticket 32242.


Nick Mathewson's avatar
Nick Mathewson committed
622
Changes in version 0.4.3.1-alpha - 2020-01-22
623
624
625
626
627
628
629
  This is the first alpha release in the 0.4.3.x series. It includes
  improved support for application integration of onion services, support
  for building in a client-only mode, and newly improved internal
  documentation (online at https://src-ref.docs.torproject.org/tor/). It
  also has numerous other small bugfixes and features, as well as
  improvements to our code's internal organization that should help us
  write better code in the future.
630

Nick Mathewson's avatar
Nick Mathewson committed
631
632
633
634
635
  o New system requirements:
    - When building Tor, you now need to have Python 3 in order to run
      the integration tests. (Python 2 is officially unsupported
      upstream, as of 1 Jan 2020.) Closes ticket 32608.

636
  o Major features (build system):
Nick Mathewson's avatar
Nick Mathewson committed
637
638
639
640
641
    - The relay code can now be disabled using the --disable-module-relay
      configure option. When this option is set, we also disable the
      dirauth module. Closes ticket 32123.
    - When Tor is compiled --disable-module-relay, we also omit the code
      used to act as a directory cache. Closes ticket 32487.
642
643

  o Major features (directory authority, ed25519):
Nick Mathewson's avatar
Nick Mathewson committed
644
    - Add support for banning a relay's ed25519 keys in the approved-
Nick Mathewson's avatar
Nick Mathewson committed
645
646
      routers file. This will help us migrate away from RSA keys in the
      future. Previously, only RSA keys could be banned in approved-
Nick Mathewson's avatar
Nick Mathewson committed
647
      routers. Resolves ticket 22029. Patch by Neel Chauhan.
648

Nick Mathewson's avatar
Nick Mathewson committed
649
650
651
652
653
654
655
656
657
658
  o Major features (onion service, controller):
    - New control port commands to manage client-side onion service
      authorization credentials. The ONION_CLIENT_AUTH_ADD command adds
      a credential, ONION_CLIENT_AUTH_REMOVE deletes a credential, and
      ONION_CLIENT_AUTH_VIEW lists the credentials. Closes ticket 30381.

  o Major features (onion service, SOCKS5):
    - Introduce a new SocksPort flag, ExtendedErrors, to support more
      detailed error codes in information for applications that support
      them. Closes ticket 30382; implements proposal 304.
659
660

  o Major features (proxy):
Nick Mathewson's avatar
Nick Mathewson committed
661
662
663
664
665
    - In addition to its current supported proxy types (HTTP CONNECT,
      SOCKS4, and SOCKS5), Tor can now make its OR connections through a
      HAProxy server. A new torrc option was added to specify the
      address/port of the server: TCPProxy <protocol> <host>:<port>.
      Currently the only supported protocol for the option is haproxy.
666
      Closes ticket 31518. Patch done by Suphanat Chunhapanya (haxxpop).
Nick Mathewson's avatar
Nick Mathewson committed
667
668
669
670
671

  o Major bugfixes (linux seccomp sandbox):
    - Correct how we use libseccomp. Particularly, stop assuming that
      rules are applied in a particular order or that more rules are
      processed after the first match. Neither is the case! In
Nick Mathewson's avatar
Nick Mathewson committed
672
      libseccomp <2.4.0 this led to some rules having no effect.
673
674
      libseccomp 2.4.0 changed how rules are generated, leading to a
      different ordering, which in turn led to a fatal crash during
Nick Mathewson's avatar
Nick Mathewson committed
675
676
677
678
679
      startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by
      Peter Gerber.
    - Fix crash when reloading logging configuration while the
      experimental sandbox is enabled. Fixes bug 32841; bugfix on
      0.4.1.7. Patch by Peter Gerber.
680
681
682
683
684
685
686

  o Major bugfixes (networking):
    - Correctly handle IPv6 addresses in SOCKS5 RESOLVE_PTR requests,
      and accept strings as well as binary addresses. Fixes bug 32315;
      bugfix on 0.3.5.1-alpha.

  o Major bugfixes (onion service):
687
688
689
690
691
    - Report HS circuit failure back into the HS subsystem so we take
      appropriate action with regards to the client introduction point
      failure cache. This improves reachability of onion services, since
      now clients notice failing introduction circuits properly. Fixes
      bug 32020; bugfix on 0.3.2.1-alpha.
692
693

  o Minor feature (configure, build system):
Nick Mathewson's avatar
Nick Mathewson committed
694
695
    - Output a list of enabled/disabled features at the end of the
      configure process in a pleasing way. Closes ticket 31373.
696
697

  o Minor feature (heartbeat, onion service):
Nick Mathewson's avatar
Nick Mathewson committed
698
699
    - Add the DoS INTRODUCE2 defenses counter to the heartbeat DoS
      message. Closes ticket 31371.
700
701
702

  o Minor features (configuration validation):
    - Configuration validation can now be done by per-module callbacks,
Nick Mathewson's avatar
Nick Mathewson committed
703
704
705
      rather than a global validation function. This will let us reduce
      the size of config.c and some of its more cumbersome functions.
      Closes ticket 31241.
706
707

  o Minor features (configuration):
Nick Mathewson's avatar
Nick Mathewson committed
708
    - If a configured hardware crypto accelerator in AccelName is
Nick Mathewson's avatar
Nick Mathewson committed
709
710
      prefixed with "!", Tor now exits when it cannot be found. Closes
      ticket 32406.
Nick Mathewson's avatar
Nick Mathewson committed
711
    - We now use flag-driven logic to warn about obsolete configuration
Nick Mathewson's avatar
Nick Mathewson committed
712
713
      fields, so that we can include their names. In 0.4.2, we used a
      special type, which prevented us from generating good warnings.
714
715
716
717
      Implements ticket 32404.

  o Minor features (controller):
    - Add stream isolation data to STREAM event. Closes ticket 19859.
Nick Mathewson's avatar
Nick Mathewson committed
718
719
    - Implement a new GETINFO command to fetch microdescriptor
      consensus. Closes ticket 31684.
720
721

  o Minor features (debugging, directory system):
Nick Mathewson's avatar
Nick Mathewson committed
722
723
724
    - Don't crash when we find a non-guard with a guard-fraction value
      set. Instead, log a bug warning, in an attempt to figure out how
      this happened. Diagnostic for ticket 32868.
725
726

  o Minor features (defense in depth):
Nick Mathewson's avatar
Nick Mathewson committed
727
728
    - Add additional checks around tor_vasprintf() usage, in case the
      function returns an error. Patch by Tobias Stoeckmann. Fixes
Nick Mathewson's avatar
Nick Mathewson committed
729
      ticket 31147.
730
731

  o Minor features (developer tooling):
Nick Mathewson's avatar
Nick Mathewson committed
732
    - Remove the 0.2.9.x series branches from git scripts (git-merge-
Nick Mathewson's avatar
Nick Mathewson committed
733
734
      forward.sh, git-pull-all.sh, git-push-all.sh, git-setup-dirs.sh).
      Closes ticket 32772.
735
736

  o Minor features (developer tools):
Nick Mathewson's avatar
Nick Mathewson committed
737
738
    - Add a check_cocci_parse.sh script that checks that new code is
      parseable by Coccinelle. Add an exceptions file for unparseable
Nick Mathewson's avatar
Nick Mathewson committed
739
740
741
      files, and run the script from travis CI. Closes ticket 31919.
    - Call the check_cocci_parse.sh script from a 'check-cocci' Makefile
      target. Closes ticket 31919.
742
743
744
745
746
    - Add a rename_c_identifiers.py tool to rename a bunch of C
      identifiers at once, and generate a well-formed commit message
      describing the change. This should help with refactoring. Closes
      ticket 32237.
    - Add some scripts in "scripts/coccinelle" to invoke the Coccinelle
Nick Mathewson's avatar
Nick Mathewson committed
747
748
749
      semantic patching tool with the correct flags. These flags are
      fairly easy to forget, and these scripts should help us use
      Coccinelle more effectively in the future. Closes ticket 31705.
750
751
752

  o Minor features (Doxygen):
    - Update Doxygen configuration file to a more recent template (from
Nick Mathewson's avatar
Nick Mathewson committed
753
754
755
      1.8.15). Closes ticket 32110.
    - "make doxygen" now works with out-of-tree builds. Closes
      ticket 32113.
Nick Mathewson's avatar
Nick Mathewson committed
756
757
758
    - Make sure that doxygen outputs documentation for all of our C
      files. Previously, some were missing @file declarations, causing
      them to be ignored. Closes ticket 32307.
759
    - Our "make doxygen" target now respects --enable-fatal-warnings by
Nick Mathewson's avatar
Nick Mathewson committed
760
761
762
763
      default, and does not warn about items that are missing
      documentation. To warn about missing documentation, run configure
      with the "--enable-missing-doc-warnings" flag: doing so suspends
      fatal warnings for doxygen. Closes ticket 32385.
764
765
766
767

  o Minor features (git scripts):
    - Add TOR_EXTRA_CLONE_ARGS to git-setup-dirs.sh for git clone
      customisation. Closes ticket 32347.
Nick Mathewson's avatar
Nick Mathewson committed
768
769
    - Add git-setup-dirs.sh, which sets up an upstream git repository
      and worktrees for tor maintainers. Closes ticket 29603.
770
771
    - Add TOR_EXTRA_REMOTE_* to git-setup-dirs.sh for a custom extra
      remote. Closes ticket 32347.
Nick Mathewson's avatar
Nick Mathewson committed
772
773
774
775
    - Call the check_cocci_parse.sh script from the git commit and push
      hooks. Closes ticket 31919.
    - Make git-push-all.sh skip unchanged branches when pushing to
      upstream. The script already skipped unchanged test branches.
776
      Closes ticket 32216.
Nick Mathewson's avatar
Nick Mathewson committed
777
778
779
780
    - Make git-setup-dirs.sh create a master symlink in the worktree
      directory. Closes ticket 32347.
    - Skip unmodified source files when doing some existing git hook
      checks. Related to ticket 31919.
781
782
783

  o Minor features (IPv6, client):
    - Make Tor clients tell dual-stack exits that they prefer IPv6
Nick Mathewson's avatar
Nick Mathewson committed
784
785
786
787
      connections. This change is equivalent to setting the PreferIPv6
      flag on SOCKSPorts (and most other listener ports). Tor Browser
      has been setting this flag for some time, and we want to remove a
      client distinguisher at exits. Closes ticket 32637.
788
789

  o Minor features (portability, android):
Nick Mathewson's avatar
Nick Mathewson committed
790
791
    - When building for Android, disable some tests that depend on $HOME
      and/or pwdb, which Android doesn't have. Closes ticket 32825.
792
793
      Patch from Hans-Christoph Steiner.

Nick Mathewson's avatar
Nick Mathewson committed
794
  o Minor features (relay modularity):
795
    - Split the relay and server pluggable transport config code into
Nick Mathewson's avatar
Nick Mathewson committed
796
      separate files in the relay module. Disable this code when the
Nick Mathewson's avatar
Nick Mathewson committed
797
      relay module is disabled. Closes part of ticket 32213.
798
799
800
    - When the relay module is disabled, reject attempts to set the
      ORPort, DirPort, DirCache, BridgeRelay, ExtORPort, or
      ServerTransport* options, rather than ignoring the values of these
Nick Mathewson's avatar
Nick Mathewson committed
801
      options. Closes part of ticket 32213.
802
803

  o Minor features (relay):
Nick Mathewson's avatar
Nick Mathewson committed
804
805
    - When the relay module is disabled, change the default config so
      that DirCache is 0, and ClientOnly is 1. Closes ticket 32410.
806
807

  o Minor features (release tools):
Nick Mathewson's avatar
Nick Mathewson committed
808
    - Port our ChangeLog formatting and sorting tools to Python 3.
809
810
811
      Closes ticket 32704.

  o Minor features (testing):
Nick Mathewson's avatar
Nick Mathewson committed
812
    - Detect some common failure cases for test_parseconf.sh in
813
814
815
      src/test/conf_failures. Closes ticket 32451.
    - Allow test_parseconf.sh to test expected log outputs for successful
      configs, as well as failed configs. Closes ticket 32451.
Nick Mathewson's avatar
Nick Mathewson committed
816
817
818
    - The test_parseconf.sh script now supports result variants for any
      combination of the optional libraries lzma, nss, and zstd. Closes
      ticket 32397.
819
820

  o Minor features (tests, Android):
Nick Mathewson's avatar
Nick Mathewson committed
821
822
823
    - When running the unit tests on Android, create temporary files in
      a subdirectory of /data/local/tmp. Closes ticket 32172. Based on a
      patch from Hans-Christoph Steiner.
824
825

  o Minor bugfixes (bridges):
Nick Mathewson's avatar
Nick Mathewson committed
826
    - Lowercase the configured value of BridgeDistribution before adding
Nick Mathewson's avatar
Nick Mathewson committed
827
      it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.
828

Nick Mathewson's avatar
Nick Mathewson committed
829
  o Minor bugfixes (build system):
Nick Mathewson's avatar
Nick Mathewson committed
830
831
    - Fix "make autostyle" for out-of-tree builds. Fixes bug 32370;
      bugfix on 0.4.1.2-alpha.
832
833

  o Minor bugfixes (configuration handling):
Nick Mathewson's avatar
Nick Mathewson committed
834
    - Make control_event_conf_changed() take in a config_line_t instead
Nick Mathewson's avatar
Nick Mathewson committed
835
836
      of a smartlist of alternating key/value entries. Fixes bug 31531;
      bugfix on 0.2.3.3-alpha. Patch by Neel Chauhan.
837
838

  o Minor bugfixes (configuration):
Nick Mathewson's avatar
Nick Mathewson committed
839
840
841
842
843
844
845
    - Check for multiplication overflow when parsing memory units inside
      configuration. Fixes bug 30920; bugfix on 0.0.9rc1.
    - When dumping the configuration, stop adding a trailing space after
      the option name when there is no option value. This issue only
      affects options that accept an empty value or list. (Most options
      reject empty values, or delete the entire line from the dumped
      options.) Fixes bug 32352; bugfix on 0.0.9pre6.
Nick Mathewson's avatar
Nick Mathewson committed
846
847
848
    - Avoid changing the user's value of HardwareAccel as stored by
      SAVECONF, when AccelName is set but HardwareAccel is not. Fixes
      bug 32382; bugfix on 0.2.2.1-alpha.
849
850
    - When creating a KeyDirectory with the same location as the
      DataDirectory (not recommended), respect the DataDirectory's
Nick Mathewson's avatar
Nick Mathewson committed
851
852
      group-readable setting if one has not been set for the
      KeyDirectory. Fixes bug 27992; bugfix on 0.3.3.1-alpha.
853
854

  o Minor bugfixes (controller):
Nick Mathewson's avatar
Nick Mathewson committed
855
856
857
    - In routerstatus_has_changed(), check all the fields that are
      output over the control port. Fixes bug 20218; bugfix
      on 0.1.1.11-alpha
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876

  o Minor bugfixes (correctness checks):
    - Use GCC/Clang's printf-checking feature to make sure that
      tor_assertf() arguments are correctly typed. Fixes bug 32765;
      bugfix on 0.4.1.1-alpha.

  o Minor bugfixes (developer tools):
    - Allow paths starting with ./ in scripts/add_c_file.py. Fixes bug
      31336; bugfix on 0.4.1.2-alpha.

  o Minor bugfixes (dirauth module):
    - Split the dirauth config code into a separate file in the dirauth
      module. Disable this code when the dirauth module is disabled.
      Closes ticket 32213.
    - When the dirauth module is disabled, reject attempts to set the
      AuthoritativeDir option, rather than ignoring the value of the
      option. Fixes bug 32213; bugfix on 0.3.4.1-alpha.

  o Minor bugfixes (embedded Tor):
Nick Mathewson's avatar
Nick Mathewson committed
877
878
879
880
881
    - When starting Tor any time after the first time in a process,
      register the thread in which it is running as the main thread.
      Previously, we only did this on Windows, which could lead to bugs
      like 23081 on non-Windows platforms. Fixes bug 32884; bugfix
      on 0.3.3.1-alpha.
882
883

  o Minor bugfixes (git scripts):
Nick Mathewson's avatar
Nick Mathewson committed
884
885
    - Avoid sleeping before the last push in git-push-all.sh. Closes
      ticket 32216.
886
887
888
889
    - Forward all unrecognised arguments in git-push-all.sh to git push.
      Closes ticket 32216.

  o Minor bugfixes (hidden service v3):
890
    - Do not rely on a "circuit established" flag for intro circuits but
Nick Mathewson's avatar
Nick Mathewson committed
891
892
893
      instead always query the HS circuit map. This is to avoid sync
      issue with that flag and the map. Fixes bug 32094; bugfix
      on 0.3.2.1-alpha.
894
895

  o Minor bugfixes (logging, crash):
Nick Mathewson's avatar
Nick Mathewson committed
896
897
898
    - Avoid a possible crash when trying to log a (fatal) assertion
      failure about mismatched magic numbers in configuration objects.
      Fixes bug 32771; bugfix on 0.4.2.1-alpha.
899
900

  o Minor bugfixes (onion service v2):
Nick Mathewson's avatar
Nick Mathewson committed
901
902
    - When sending the INTRO cell for a v2 Onion Service, look at the
      failure cache alongside timeout values to check if the intro point
903
      is marked as failed. Previously, we only looked at the relay
Nick Mathewson's avatar
Nick Mathewson committed
904
905
      timeout values. Fixes bug 25568; bugfix on 0.2.7.3-rc. Patch by
      Neel Chauhan.
906
907

  o Minor bugfixes (onion services v3, client):
Nick Mathewson's avatar
Nick Mathewson committed
908
909
910
911
912
    - Properly handle the client rendezvous circuit timeout. Previously
      Tor would sometimes timeout a rendezvous circuit awaiting the
      introduction ACK, and find itself unable to re-establish all
      circuits because the rendezvous circuit timed out too early. Fixes
      bug 32021; bugfix on 0.3.2.1-alpha.
913
914

  o Minor bugfixes (onion services):
Nick Mathewson's avatar
Nick Mathewson committed
915
916
917
    - In cancel_descriptor_fetches(), use
      connection_list_by_type_purpose() instead of
      connection_list_by_type_state(). Fixes bug 32639; bugfix on
918
919
920
      0.3.2.1-alpha. Patch by Neel Chauhan.

  o Minor bugfixes (scripts):
Nick Mathewson's avatar
Nick Mathewson committed
921
922
    - Fix update_versions.py for out-of-tree builds. Fixes bug 32371;
      bugfix on 0.4.0.1-alpha.
923
924

  o Minor bugfixes (test):
Nick Mathewson's avatar
Nick Mathewson committed
925
926
    - Use the same code to find the tor binary in all of our test
      scripts. This change makes sure we are always using the coverage
Nick Mathewson's avatar
Nick Mathewson committed
927
      binary when coverage is enabled. Fixes bug 32368; bugfix
Nick Mathewson's avatar
Nick Mathewson committed
928
      on 0.2.7.3-rc.
929
930
931
932
933

  o Minor bugfixes (testing):
    - Stop ignoring "tor --dump-config" errors in test_parseconf.sh.
      Fixes bug 32468; bugfix on 0.4.2.1-alpha.
    - When TOR_DISABLE_PRACTRACKER is set, do not apply it to the
Nick Mathewson's avatar
Nick Mathewson committed
934
935
936
937
938
      test_practracker.sh script. Doing so caused a test failure. Fixes
      bug 32705; bugfix on 0.4.2.1-alpha.
    - When TOR_DISABLE_PRACTRACKER is set, log a notice to stderr when
      skipping practracker checks. Fixes bug 32705; bugfix
      on 0.4.2.1-alpha.
939
940

  o Minor bugfixes (tests):
Nick Mathewson's avatar
Nick Mathewson committed
941
    - Our option-validation tests no longer depend on specially
942
      configured non-default, non-passing sets of options. Previously,
Nick Mathewson's avatar
Nick Mathewson committed
943
944
945
      the tests had been written to assume that options would _not_ be
      set to their defaults, which led to needless complexity and
      verbosity. Fixes bug 32175; bugfix on 0.2.8.1-alpha.
946
947

  o Minor bugfixes (windows service):
Nick Mathewson's avatar
Nick Mathewson committed
948
    - Initialize the publish/subscribe system when running as a windows
Nick Mathewson's avatar
Nick Mathewson committed
949
      service. Fixes bug 32778; bugfix on 0.4.1.1-alpha.
950
951

  o Deprecated features:
Nick Mathewson's avatar
Nick Mathewson committed
952
    - Deprecate the ClientAutoIPv6ORPort option. This option was not
953
954
955
      true "Happy Eyeballs", and often failed on connections that
      weren't reliably dual-stack. Closes ticket 32942. Patch by
      Neel Chauhan.
956
957

  o Documentation:
958
959
    - Provide a quickstart guide for a Circuit Padding Framework, and
      documentation for researchers to implement and study circuit
Nick Mathewson's avatar
Nick Mathewson committed
960
      padding machines. Closes ticket 28804.
Nick Mathewson's avatar
Nick Mathewson committed
961
962
    - Add documentation in 'HelpfulTools.md' to describe how to build a
      tag file. Closes ticket 32779.
963
    - Create a high-level description of the long-term software
Nick Mathewson's avatar
Nick Mathewson committed
964
965
966
      architecture goals. Closes ticket 32206.
    - Describe the --dump-config command in the manual page. Closes
      ticket 32467.
967
968
969
970
    - Unite coding advice from this_not_that.md in torguts repo into our
      coding standards document. Resolves ticket 31853.

  o Removed features:
Nick Mathewson's avatar
Nick Mathewson committed
971
    - Our Doxygen configuration no longer generates LaTeX output. The
972
      reference manual produced by doing this was over 4000 pages long,
Nick Mathewson's avatar
Nick Mathewson committed
973
974
975
976
977
      and generally unusable. Closes ticket 32099.
    - The option "TestingEstimatedDescriptorPropagationTime" is now
      marked as obsolete. It has had no effect since 0.3.0.7, when
      clients stopped rejecting consensuses "from the future". Closes
      ticket 32807.
978
979
    - We no longer support consensus methods before method 28; these
      methods were only used by authorities running versions of Tor that
980
      are now at end-of-life. In effect, this means that clients,
981
982
983
      relays, and authorities now assume that authorities will be
      running version 0.3.5.x or later. Closes ticket 32695.

Nick Mathewson's avatar
Nick Mathewson committed
984
985
986
987
988
989
990
991
  o Testing:
    - Add more test cases for tor's UTF-8 validation function. Also,
      check the arguments passed to the function for consistency. Closes
      ticket 32845.
    - Improve test coverage for relay and dirauth config code, focusing
      on option validation and normalization. Closes ticket 32213.
    - Improve the consistency of test_parseconf.sh output, and run all
      the tests, even if one fails. Closes ticket 32213.
992
993
994
    - Re-enable the Travis CI macOS Chutney build, but don't let it
      prevent the Travis job from finishing. (The Travis macOS jobs are
      slow, so we don't want to have it delay the whole CI process.)
Nick Mathewson's avatar
Nick Mathewson committed
995
996
997
998
999
1000
      Closes ticket 32629.
    - Run the practracker unit tests in the pre-commit git hook. Closes
      ticket 32609.
    - Turn off Tor's Sandbox in Chutney jobs, and run those jobs on
      Ubuntu Bionic. Turning off the Sandbox is a work-around, until we
      fix the sandbox errors in 32722. Closes ticket 32240.
For faster browsing, not all history is shown. View entire blame