commit e5d78c70b00a2afe1c4f98638ce53315be141789 Author: Nick Mathewson nickm@torproject.org Date: Fri Feb 9 15:58:26 2018 -0500
Begin work on a changelog --- ChangeLog | 151 +++++++++++++++++++++++++++++++++++++++++++++++ changes/bug22212-forreal | 8 --- changes/bug23954 | 4 -- changes/bug24469 | 4 -- changes/bug24700 | 4 -- changes/bug24859 | 4 -- changes/bug24927 | 4 -- changes/bug24952 | 5 -- changes/bug24972 | 4 -- changes/bug24975 | 6 -- changes/bug24976 | 5 -- changes/bug25008 | 9 --- changes/bug25026 | 4 -- changes/bug25070 | 3 - changes/bug25105 | 5 -- changes/bug25113 | 5 -- changes/bug25116 | 4 -- changes/bug25127 | 7 --- changes/geoip-2018-02-07 | 4 -- changes/ticket23650 | 4 -- changes/ticket24849 | 3 - changes/ticket24902 | 13 ---- changes/ticket25108 | 3 - changes/ticket25122 | 4 -- changes/ticket25163 | 4 -- changes/ticket25170 | 5 -- 26 files changed, 151 insertions(+), 125 deletions(-)
diff --git a/ChangeLog b/ChangeLog index b97d2f9eb..3accb494f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,154 @@ +Changes in version 0.3.3.2-alpha - 2018-02-09 + Blurb here. + + o Major features (denial-of-service mitigation): + - Give relays some defenses against the recent network overload. We + start with three defenses (default parameters in parentheses). + First: if a single client address makes too many concurrent + connections (>100), hang up on further connections. Second: if a + single client address makes circuits too quickly (more than 3 per + second, with an allowed burst of 90) while also having too many + connections open (3), refuse new create cells for the next while + (1-2 hours). Third: if a client asks to establish a rendezvous + point to you directly, ignore the request. These defenses can be + manually controlled by new torrc options, but relays will also + take guidance from consensus parameters, so there's no need to + configure anything manually. Implements ticket 24902. + + o Major bugfixes (netflow padding): + - Stop adding unneeded channel padding right after we finish + flushing to a connection that has been trying to flush for many + seconds. Instead, treat all partial or complete flushes as + activity on the channel, which will defer the time until we need + to add padding. This fix should resolve confusing and scary log + messages like "Channel padding timeout scheduled 221453ms in the + past." Fixes bug 22212; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (protocol versions): + - Add Link protocol version 5 to the supported protocols list. Fixes + bug 25070; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (scheduler, consensus): + - A logic in the code was preventing the scheduler subystem to + properly make a decision based on the latest consensus when it + arrives. This lead to the scheduler failing to notice any + consensus parameters that might have changed between consensuses. + Fixes bug 24975; bugfix on 0.3.2.1-alpha. + + o Minor features (denial-of-service avoidance): + - Make our OOM handler aware of the geoip client history cache so it + doesn't fill up the memory which is especially important for IPv6 + and our DoS mitigation subsystem. Closes ticket 25122. + + o Minor features (directory authority): + - When unable to add signatures to a pending consensus, log the + reason why. Closes ticket 24849. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2 + Country database. + + o Minor features (logging, diagnostic): + - When logging a failure to check a onion service's certificate, + also log what the problem with the certificate was. Diagnostic for + ticket 24972. + + o Minor bugfix (channel connection): + - The accurate address of a connection is real_addr, not the addr + member. TLS Channel remote address is now real_addr content + instead of addr member. Fixes bug 24952; bugfix on 707c1e2e26 in + 0.2.4.11-alpha. Patch by "ffmancera". + + o Minor bugfix (directory authority, documentation): + - When a fingerprint or network address is marked as rejected, the + returned message by the authority now explicitly mention to set a + valid ContactInfo address and contact the bad-relays@ mailing + list. Fixes bug 25170; bugfix on 0.2.9.1. + + o Minor bugfixes (all versions of Tor): + - Use the "misspell" tool to detect and fix typos throughout the + source code. Fixes bug 23650; bugfix on various versions of Tor. + Patch from Deepesh Pathak. + + o Minor bugfixes (circuit, cannibalization): + - Don't cannibalize circuits for which we don't know the first hop + which can happen if our Guard relay went off the consensus after + the circuit was created preemptively. Fixes bug 24469; bugfix + on 0.0.6. + + o Minor bugfixes (correctness): + - Remove a nonworking, unnecessary check to see whether a circuit + hop's identity was set when the circuit failed. Fixes bug 24927; + bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (onion services): + - Remove a BUG() statement which can be triggered in normal + circumstances where a client fetches a descriptor that has a lower + revision counter than the one in its cache. This can happen due to + HSDir desync. Fixes bug 24976; bugfix on 0.3.2.1-alpha. + - Don't log in the heartbeat any long term established one hop + rendezvous points if tor is a single onion service. Fixes bug + 25116; bugfix on 0.2.9.6-rc; + + o Minor bugfixes (logging): + - Don't treat inability to store a cached consensus object as a bug: + it can happen normally when we are out of disk space. Fixes bug + 24859; bugfix on 0.3.1.1-alpha. + - Fix a (mostly harmless) race condition when invoking + LOG_PROTOCOL_WARN message from a subthread while the options are + changing. Fixes bug 23954; bugfix on 0.1.1.9-alpha. + + o Minor bugfixes (performance): + - Avoid calling protocol_list_supports_protocol() from inside tight + loops when running with cached routerinfo_t objects. Instead, + summarize the relevant protocols as flags in the routerinfo_t, as + we do for routerstatus_t objects. This change simplifies our code + a little, and saves a large amount of short-term memory allocation + operations. Fixes bug 25008; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (Rust FFI): + - Fix a minor memory leak which would happen whenever the C code + would call the Rust implementation of + protover_get_supported_protocols(). This was due to the C version + returning a static string, whereas the Rust version newly allocated + a CString to pass accross the FFI boundary. Consequently, the C + code was not expecting to need to free() what it was given. Fixes + bug 25127; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (scheduler, KIST): + - Avoid adding the same channel twice in the KIST scheduler pending + list wasting CPU cycles at handling the same channel twice. Fixes + bug 24700; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (unit test, monotonic time): + - Bump a gap of 1msec to 10msec used in the monotonic time test that + makes sure the nsec/usec/msec time read are synchronized. This + change was needed to accommodate slow system like armel or when + the clock_gettime() is not a VDSO on the running kernel. Fixes bug + 25113; bugfix on 0.2.9.1. + + o Minor bugfixes (v3 onion services): + - Look at the "HSRend" protocol version, not the "HSDir" protocol + version, when deciding whether a consensus entry can support the + v3 onion service protocol as a rendezvous point. Fixes bug 25105; + bugfix on 0.3.2.1-alpha. + + o Code simplification and refactoring: + - Remove the unused nodelist_recompute_all_hsdir_indices(). Closes + ticket 25108. + + o Documentation: + - HiddenServiceVersion only accepts one version to be specified. + This version can either be version 2 or 3. Closes ticket 25026; + bugfix on 0.3.2.2-alpha. + + o Code simplification and refactoring (rephist): + - Remove a series of counters used to track circuit extend attemps + and connection status but that in reality we aren't using for + anything other than stats logged by a SIGUSR1 signal. Closes + ticket 25163. + + Changes in version 0.3.3.1-alpha - 2018-01-25 Tor 0.3.3.1-alpha is the first release in the 0.3.3.x series. It adds several new features to Tor, including several improvements to diff --git a/changes/bug22212-forreal b/changes/bug22212-forreal deleted file mode 100644 index 159d0990e..000000000 --- a/changes/bug22212-forreal +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (netflow padding): - - Stop adding unneeded channel padding right after we finish flushing - to a connection that has been trying to flush for many seconds. - Instead, treat all partial or complete flushes as activity on the - channel, which will defer the time until we need to add padding. - This fix should resolve confusing and scary log messages like - "Channel padding timeout scheduled 221453ms in the past." Fixes - bug 22212; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug23954 b/changes/bug23954 deleted file mode 100644 index 185814f12..000000000 --- a/changes/bug23954 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging, race conditions): - - Fix a (mostly harmless) race condition when invoking - LOG_PROTOCOL_WARN message from a subthread while the options are - changing. Fixes bug 23954; bugfix on 0.1.1.9-alpha. diff --git a/changes/bug24469 b/changes/bug24469 deleted file mode 100644 index 2e137b49b..000000000 --- a/changes/bug24469 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (circuit, cannibalization): - - Don't cannibalize circuits for which we don't know the first hop which - can happen if our Guard relay went off the consensus after the circuit - was created preemptively. Fixes bug 24469; bugfix on 0.0.6. diff --git a/changes/bug24700 b/changes/bug24700 deleted file mode 100644 index 74dc581a0..000000000 --- a/changes/bug24700 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (scheduler, KIST): - - Avoid adding the same channel twice in the KIST scheduler pending list - wasting CPU cycles at handling the same channel twice. Fixes bug 24700; - bugfix on 0.3.2.1-alpha. diff --git a/changes/bug24859 b/changes/bug24859 deleted file mode 100644 index 122109d65..000000000 --- a/changes/bug24859 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging): - - Don't treat inability to store a cached consensus object as a - bug: it can happen normally when we are out of disk space. - Fixes bug 24859; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug24927 b/changes/bug24927 deleted file mode 100644 index 699730695..000000000 --- a/changes/bug24927 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (correctness): - - Remove nonworking, unnecessary check to see whether a circuit hop's - identity was set when the circuit failed. Fixes bug 24927; bugfix on - 0.2.4.4-alpha. diff --git a/changes/bug24952 b/changes/bug24952 deleted file mode 100644 index 93174c04f..000000000 --- a/changes/bug24952 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfix (channel connection): - - The accurate address of a connection is real_addr, not the addr member. - TLS Channel remote address is now real_addr content instead of addr - member. Fixes bug 24952; bugfix on 707c1e2e26 in 0.2.4.11-alpha. - Patch by "ffmancera". diff --git a/changes/bug24972 b/changes/bug24972 deleted file mode 100644 index 5adf970ab..000000000 --- a/changes/bug24972 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (logging, diagnostic): - - When logging a failure to check a hidden service's certificate, - also log what the problem with the certificate was. Diagnostic - for ticket 24972. diff --git a/changes/bug24975 b/changes/bug24975 deleted file mode 100644 index 32a5dfc92..000000000 --- a/changes/bug24975 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (scheduler, consensus): - - A logic in the code was preventing the scheduler subystem to properly - make a decision based on the latest consensus when it arrives. This lead - to the scheduler failing to notice any consensus parameters that might - have changed between consensuses. Fixes bug 24975; bugfix on - 0.3.2.1-alpha. diff --git a/changes/bug24976 b/changes/bug24976 deleted file mode 100644 index 9c3be86ea..000000000 --- a/changes/bug24976 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hidden service v3 client): - - Remove a BUG() statement which can be triggered in normal circumstances - where a client fetches a descriptor that has a lower revision counter - than the one in its cache. This can happen due to HSDir desync. Fixes - bug 24976; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug25008 b/changes/bug25008 deleted file mode 100644 index 5ddc06298..000000000 --- a/changes/bug25008 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (performance): - - Avoid calling protocol_list_supports_protocol() from inside tight loops - when running with cached routerinfo_t objects. Instead, - summarize the relevant protocols as flags in the routerinfo_t, as we do - for routerstatus_t objects. This change simplifies our code a little, - and saves a large amount of short-term memory allocation operations. - Fixes bug 25008; bugfix on 0.2.9.4-alpha. - - diff --git a/changes/bug25026 b/changes/bug25026 deleted file mode 100644 index 24a64a562..000000000 --- a/changes/bug25026 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - HiddenServiceVersion only accepts one version to be specified. This - version can either be version 2 or 3. Closes ticket 25026; bugfix on - 0.3.2.2-alpha. diff --git a/changes/bug25070 b/changes/bug25070 deleted file mode 100644 index c2f4e58c4..000000000 --- a/changes/bug25070 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (protocol versions): - - Add Link protocol version 5 to the supported protocols list. - Fixes bug 25070; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug25105 b/changes/bug25105 deleted file mode 100644 index 36d1a5f16..000000000 --- a/changes/bug25105 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (v3 onion services): - - Look at the "HSRend" protocol version, not the "HSDir" protocol - version, when deciding whether a consensus entry can support - the v3 onion service protocol as a rendezvous point. - Fixes bug 25105; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug25113 b/changes/bug25113 deleted file mode 100644 index 4a020b784..000000000 --- a/changes/bug25113 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (unit test, monotonic time): - - Bump a gap of 1msec to 10msec used in the monotonic time test that makes - sure the nsec/usec/msec time read are synchronized. This change was - needed to accommodate slow system like armel or when the clock_gettime() - is not a VDSO on the running kernel. Fixes bug 25113; bugfix on 0.2.9.1. diff --git a/changes/bug25116 b/changes/bug25116 deleted file mode 100644 index b3e73feea..000000000 --- a/changes/bug25116 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden service, heartbeat): - - Don't log in the heartbeat any long term established one hop rendezvous - points if tor is a single onion service. Fixes bug 25116; bugfix on - 0.2.9.6-rc; diff --git a/changes/bug25127 b/changes/bug25127 deleted file mode 100644 index 3438ed125..000000000 --- a/changes/bug25127 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (Rust FFI): - - Fix a minor memory leak which would happen whenever the C code would call - the Rust implementation of protover_get_supported_protocols(). This was - due to the C version returning a static string, whereas the Rust version - newly allocated a CString to pass accross the FFI boundary. Consequently, - the C code was not expecting to need to free() what it was given. Fixes - bug 25127; bugfix on 0.3.2.1-alpha. diff --git a/changes/geoip-2018-02-07 b/changes/geoip-2018-02-07 deleted file mode 100644 index f45228fd7..000000000 --- a/changes/geoip-2018-02-07 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2 - Country database. - diff --git a/changes/ticket23650 b/changes/ticket23650 deleted file mode 100644 index cf5eb39d5..000000000 --- a/changes/ticket23650 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (all versions of Tor): - - Use the "misspell" tool to detect and fix typos throughout the source - code. Fixes bug 23650; bugfix on various versions of Tor. Patch - from Deepesh Pathak. diff --git a/changes/ticket24849 b/changes/ticket24849 deleted file mode 100644 index fd9492acb..000000000 --- a/changes/ticket24849 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (directory authority): - - When unable to add signatures to a pending consensus, log the reason - why. Closes ticket 24849. diff --git a/changes/ticket24902 b/changes/ticket24902 deleted file mode 100644 index 1a2ef95cc..000000000 --- a/changes/ticket24902 +++ /dev/null @@ -1,13 +0,0 @@ - o Major features (denial of service mitigation): - - Give relays some defenses against the recent network overload. We start - with three defenses (default parameters in parentheses). First: if a - single client address makes too many concurrent connections (>100), hang - up on further connections. Second: if a single client address makes - circuits too quickly (more than 3 per second, with an allowed burst of - 90) while also having too many connections open (3), refuse new create - cells for the next while (1-2 hours). Third: if a client asks to - establish a rendezvous point to you directly, ignore the request. These - defenses can be manually controlled by new torrc options, but relays - will also take guidance from consensus parameters, so there's no need to - configure anything manually. Implements ticket 24902. - diff --git a/changes/ticket25108 b/changes/ticket25108 deleted file mode 100644 index 6aefac16d..000000000 --- a/changes/ticket25108 +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring: - - Remove the unused nodelist_recompute_all_hsdir_indices(). Closes ticket - 25108. diff --git a/changes/ticket25122 b/changes/ticket25122 deleted file mode 100644 index 2921811b2..000000000 --- a/changes/ticket25122 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor feature (geoip cache): - - Make our OOM handler aware of the geoip client history cache so it - doesn't fill up the memory which is especially important for IPv6 and - our DoS mitigation subsystem. Closes ticket 25122. diff --git a/changes/ticket25163 b/changes/ticket25163 deleted file mode 100644 index 6d237db75..000000000 --- a/changes/ticket25163 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring (rephist): - - Remove a series of counters used to track circuit extend attemps and - connection status but that in reality we aren't using for anything other - than stats logged by a SIGUSR1 signal. Closes ticket 25163. diff --git a/changes/ticket25170 b/changes/ticket25170 deleted file mode 100644 index 065213940..000000000 --- a/changes/ticket25170 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfix (directory authority, documentation): - - When a fingerprint or network address is marked as rejected, the - returned message by the authority now explicitly mention to set a valid - ContactInfo address and contact the bad-relays@ mailing list. Fixes bug - 25170; bugfix on 0.2.9.1.