commit f8ecdd7031a16e560cf00d327b1f2b1938629762
Author: Nick Mathewson nickm@torproject.org
Date: Thu Feb 5 14:01:56 2015 -0500

Start working on an 0.2.3 changelog

This is just sorting the entries and lightly editing a couple of problems I found.
---
 ChangeLog | 356 ++++++++++++++++++++++++++
 changes/better_workqueues | 10 -
 changes/bug11791 | 4 -
 changes/bug12485 | 4 -
 changes/bug12509 | 4 -
 changes/bug12585 | 12 -
 changes/bug12985 | 5 -
 changes/bug13111-generate-keys-on-empty-file | 20 --
 changes/bug13319 | 4 -
 changes/bug13397 | 4 -
 changes/bug13401 | 7 -
 changes/bug13661 | 6 -
 changes/bug13805 | 3 -
 changes/bug13806 | 8 -
 changes/bug13988 | 3 -
 changes/bug14001-clang-warning | 7 -
 changes/bug14067-TestingDirAuthVoteHSDir | 6 -
 changes/bug14072 | 3 -
 changes/bug14084 | 6 -
 changes/bug14090 | 4 -
 changes/bug14106 | 4 -
 changes/bug14116_025 | 3 -
 changes/bug14123 | 4 -
 changes/bug14125 | 5 -
 changes/bug14129 | 7 -
 changes/bug14141 | 11 -
 changes/bug14142-parse-virtual-addr | 7 -
 changes/bug14149 | 4 -
 changes/bug14193 | 4 -
 changes/bug14195 | 3 -
 changes/bug14202 | 3 -
 changes/bug14207 | 3 -
 changes/bug14215 | 5 -
 changes/bug14216 | 5 -
 changes/bug14219 | 6 -
 changes/bug14220 | 4 -
 changes/bug14224 | 7 -
 changes/bug14259 | 6 -
 changes/bug14261 | 5 -
 changes/bug14280 | 5 -
 changes/bug14350 | 4 -
 changes/bug14451 | 5 -
 changes/bug14740 | 5 -
 changes/bug6852 | 3 -
 changes/bug7555 | 5 -
 changes/bug8546 | 6 -
 changes/bug9286 | 4 -
 changes/bug9635 | 3 -
 changes/bug9819 | 8 -
 changes/doc13702 | 4 -
 changes/feature10067 | 12 -
 changes/feature13865 | 5 -
 changes/feature14015 | 3 -
 changes/feature8405 | 4 -
 changes/fix-test-cmdline-args | 4 -
 changes/geoip-january2015 | 3 -
 changes/geoip6-january2015 | 2 -
 changes/prop227 | 5 -
 changes/remove-bad-fp | 3 -
 changes/ticket11485 | 3 -
 changes/ticket11737 | 4 -
 changes/ticket12376_part2 | 11 -
 changes/ticket13037 | 4 -
 changes/ticket13243 | 3 -
 changes/ticket13762 | 5 -
 changes/ticket14107 | 6 -
 changes/ticket14128 | 5 -
 changes/ticket14188_part1 | 4 -
 changes/ticket14325 | 5 -
 changes/ticket9969 | 8 -
 70 files changed, 356 insertions(+), 367 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 70e42de..271a674 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,359 @@ +Changes in version 0.2.6.3-alpha - 2015-02-?? + + blah blah blah + + o Major features (changed defaults): + - Prevent relay operators from unintentionally running exits: When + a relay is configured as an exit node, we now warn the user + unless the 'ExitRelay' option is set to 1. We warn even more + loudly if the relay is configured with the default exit policy, + since this tends to indicate accidental misconfiguration. + Setting 'ExitRelay' to 0 stops Tor from running as an exit relay. + Closes ticket 10067. + + o Major features (security) + - Implementation of an AF_UNIX socket option to implement a SOCKS + proxy reachable by Unix Domain Socket. This allows client applications to + communicate with Tor without having the ability to create AF_INET or + AF_INET6 family sockets. If an application has permission to create a socket + with AF_UNIX, it may directly communicate with Tor as if it were an other + SOCKS proxy. This should allow high risk applications to be entirely prevented + from connecting directly with TCP/IP, they will be able to only connect to the + internet through AF_UNIX and only through Tor. + To create a socket of this type, use the syntax "unix:/path/to/socket". + Closes ticket 12585. + + o Major features (hidden services): + - Support mapping hidden service virtual ports to AF_UNIX sockets on + suitable platforms. Resolves ticket #11485. + + o Major features (performance): + - Refactor the CPU worker implementation for better performance by + avoiding the kernel and lengthening pipelines. The original + implementation used sockets to transfer data from the main thread + to the worker threads, and didn't allow any thread to be assigned + more than a single piece of work at once. The new implementation + avoids communications overhead by making requests in shared + memory, avoiding kernel IO where possible, and keeping more + request in flight at once. Resolves issue #9682. 
+ + o Removed features: + - To avoid confusion with the 'ExitRelay' option, 'ExitNode' is no + longer silently accepted as an alias for 'ExitNodes'. + + o Major bugfixes (client): + - Allow MapAddress and AutomapHostsOnResolve to work together when an + address is mapped into another address type that must be + automapped at resolve time. Fixes bug 7555; bugfix on + 0.2.0.1-alpha. + + o Major bugfixes (exit node stability): + - Fix an assertion failure that could occur under high DNS load. Fixes + bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed + by "cypherpunks". + + o Major bugfixes (mixed relay-client operation): + - When running as a relay and a client at the same time (not + recommended), if we decide not to use a new guard because we + want to retry older guards, only close the locally-originating + circuits passing through that guard. Previously we would close + all the circuits. Fixes bug 9819; bugfix on + 0.2.1.1-alpha. Reported by "skruffy". + + o Minor features (authorities, testing): + - Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard. + Ensures that authorities vote the HSDir flag for the listed + relays regardless of uptime or ORPort connectivity. + Respects the value of VoteOnHidServDirectoriesV2. + Partial implementation for ticket 14067. Patch by "teor". + + o Minor features (build): + - New --disable-system-torrc compile-time option to prevent Tor from + looking for a system-wide torrc or torrc-defaults tile. Resolves + ticket 13037. + + o Minor features (controller): + - Include SOCKS_USERNAME and SOCKS_PASSWORD values in controller + events to let controllers observe circuit isolation inputs. + Closes ticket 8405. + - ControlPort now supports the unix:/path/to/dir syntax as an alternative + to the ControlSocket option, for consistency with SocksPort and + hidden services. Closes ticket 14451. + - New "GETINFO bw-event-cache" to get information about recent bandwidth + events. Closes ticket 14128. 
Useful for controllers to get recent + bandwidth history after the fix for 13988. + + o Minor features (directory client): + - When downloading server- or microdescriptors from a directory server, + we no longer launch multiple simultaneous requests to the same server. + This reduces load on the directory servers, especially when directory + guards are in use. Closes ticket 9969. + - When downloading server- or microdescriptors over a tunneled + connection, do not limit the length of our request to what the Squid + proxy is willing to handle. Part of ticket 9969. + + o Minor features (directory system): + - Authorities can now vote on the correct digests and latest versions for + different software packages. This allows packages that include Tor to use + the Tor authority system as a way to get notified of updates and their + correct digests. Implements proposal 227. Closes ticket 10395. + + o Minor features (directory, memory usage): + - When we have recently been under memory pressure (over 3/4 of + MaxMemInQueues is allocated), then allocate smaller zlib objects for + small requests. Closes ticket 11791. + + o Minor features (DOS resistance): + - Count the total number of bytes used storing hidden service descriptors + against the value of MaxMemInQueues. If we're low on memory, and more + than 20% of our memory is used holding hidden service descriptors, free + them until no more than 10% of our memory holds hidden service + descriptors. Free the least recently fetched descriptors first. + Resolves ticket 13806. + + o Minor features (geoip): + - Update geoip to the January 7 2015 Maxmind GeoLite2 Country database. + - Update geoip6 to the January 7 2015 Maxmind GeoLite2 Country database. + + o Minor features (Guard nodes): + - Reduce the time delay before saving guard status to disk from 10 + minute to 30 seconds (or from one hour to 10 minutes if + AvoidDiskWrites is set). Closes ticket 12485. 
+ + o Minor features (hidden service): + - Make hidden service Sybil attacks harder by changing the minimum + time required to become an HSDir from 25 hours up to 96 hours. + Addresses ticket #14149. + - New option "HiddenServiceAllowUnknownPorts" to allow hidden + services to disable the anti-scanning feature introduced in + 0.2.6.2-alpha. With this option not set, a connection to an + unlisted port closes the circuit. With this option set, only a + RELAY_DONE cell is sent. Closes ticket #14084. + + o Minor features (interface): + - Implement '-f -' CLI suboption to allow torrc to be read + from standard input, thus not requiring to store torrc in file + system. Implements feature 13865. + + o Minor features (logging): + - Add a count of unique clients to the bridge heartbeat message. Resolves + ticket 6852. + - Suppress "router info incompatible with extra info" message when + reading extrainfo documents from cache. (This message got loud + around when we closed bug 9812 in 0.2.6.2-alpha.) Closes ticket + 13762. + - Elevate authorized-client message from DEBUG to INFO. Closes + ticket 14015. + + o Minor features (systemd): + - Various improvements and modernizations in systemd hardening support. + Closes ticket 13805. Patch from Craig Andrews. + + o Minor features (stability): + - Prevent bugs from causing infinite loops in our hash-table + iteration code by adding assertions that cached hash values have + not been corrupted. Closes ticket 11737. + + o Minor features (testing networks): + - Drop the minimum RendPostPeriod on a testing network to 5 seconds, + and the default to 2 minutes. Closes ticket 13401. Patch by "nickm". + - Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds, + but keep the default at 30 seconds. This reduces HS bootstrap time to + around 25 seconds. Change src/test/test-network.sh default time to match. + Closes ticket 13401. Patch by "teor". 
+ + o Minor bugfixes (automapping): + - Prevent changes to other options from removing the wildcard value "." + from "AutomapHostsSuffixes". + Fixes bug 12509; bugfix on 0.2.0.1-alpha. + + o Minor bugfixes (build): + - Avoid warnings when building with systemd 209 or later. + Fixes bug 14072; bugfix on 0.2.6.2-alpha. Patch from "h.venev". + + o Minor bugfixes (client DNS): + - Report the correct cached DNS expiration times. Previously, we + would report everything as "never expires." Fixes bug 14193; + bugfix on 0.2.3.17-beta. + - Avoid a small memory leak when we find a cached answer for a reverse + DNS lookup in a client-side DNS cache. (Remember, client-side DNS + caching is off by default, and is not recommended.) Fixes bug 14259; + bugfix on 0.2.0.1-alpha. + + o Minor bugfixes (client, automapping): + - Check for a missing option value in parse_virtual_addr_network + before asserting on the NULL in tor_addr_parse_mask_ports. + This avoids crashing on torrc lines like + Vi[rtualAddrNetworkIPv[4|6]] when no value follows the option. + Fixes bug 14142; bugfix on 0.2.4.7-alpha. + Patch by "teor". + - Fix a memory leak when using AutomapHostsOnResolve. + Fixes bug 14195; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (client, IPV6): + - Reject socks requests to literal IPv6 addresses when IPv6Traffic + flag is not set; and not because the NoIPv4Traffic flag was set. + Previously we'd looked at the NoIPv4Traffic flag for both types + of literal addresses. Fixes bug 14280; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (client, bridges): + - When we are using bridges and we had a network connectivity problem, only + retry connecting to our currently configured bridges, not all bridges we + know about and remember using. + Fixes bug 14216; bugfix on tor-0.2.2.17-alpha. Patch from arma. + + o Minor bugfixes (compilation): + - Build without warnings with the stock OpenSSL srtp.h header, + which has a duplicate declaration of SSL_get_selected_srtp_profile(). 
+ Fixes bug 14220; this is OpenSSL's bug, not ours. + - The address of an array in the middle of a structure will + always be non-NULL. clang recognises this and complains. + Disable the tautologous and redundant check to silence + this warning. + Fixes bug 14001; bugfix on 0.2.1.2-alpha. + - Compile correctly with (unreleased) OpenSSL 1.1.0 headers. + Addresses ticket 14188. + + o Minor bugfixes (controller): + - Add a code for the END_CIRC_REASON_IP_NOW_REDUNDANT circuit close + reason. Fixes bug 14207; bugfix on 0.2.6.2-alpha. + - Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug 14116; + bugfix on 0.2.2.9-alpha. + + o Minor bugfixes (directory authority): + - Allow directory authorities to fetch more data from one + another if they find themselves missing lots of votes. + Previously, they had been bumping against the 10 MB queued + data limit. Fixes bug 14261; bugfix on 0.1.2.5-alpha. + - Enlarge the buffer to read bw-auth generated files to avoid an + issue when parsing the file in dirserv_read_measured_bandwidths(). + Fixes bug 14125; bugfix on 0.2.2.1-alpha. + + o Minor bugfixes (file handling): + - Stop failing when key files are zero-length. Instead, generate new + keys, and overwrite the empty key files. + Fixes bug 13111; bugfix on all versions of Tor. Patch by "teor". + - Stop generating a fresh .old RSA key file when the .old file is + missing. Fixes part of 13111; bugfix on 0.0.6rc1. + - Avoid overwriting .old key files with empty key files. + - Skip loading zero-length extra info store, router store, stats, state, + and key files. + - Avoid crashing when trying to reload a torrc specified as a relative + path with RunAsDaemon turned on. Fixes bug 13397; bugfix on + 0.2.3.11-alpha. + + o Minor bugfixes (hidden services): + - Close the intro circuit once we don't have any more usable intro + points instead of making it timeout at some point. This also make sure + no extra HS descriptor fetch is triggered. 
+ Fixes bug 14224; bugfix on 0.0.6. + - When fetching a hidden service descriptor for a down service that we + recently up, do not keep refetching until we try the same replica twice + in a row. Fixes bug 14219; bugfix on 0.2.0.10-alpha. + - Successfully launch Tor with a nonexistent hidden service directory. + Our fix for bug 13942 didn't catch this case. Fixes bug 14106; + bugfix on 0.2.6.2-alpha. + + o Minor bugfixes (logging): + - Avoid crashing when there are more log domains than entries in + domain_list. Bugfix on 0.2.3.1-alpha. + - Add a string representation for LD_SCHED. Fixes bug 14740; + bugfix on 0.2.6.1-alpha. + + o Minor bugfixes (parsing): + - Stop accepting milliseconds (or other junk) at the end of + descriptor publication times. Fixes bug 9286; bugfix on + 0.0.2pre25. + - Support two-number and three-number version numbers correctly, in + case we change the Tor versioning system in the future. Fixes bug + 13661; bugfix on 0.0.8pre1. + + o Minor bugfixes (portability): + - Fix the ioctl()-based network interface lookup code so that it will + work on systems that have variable-length struct ifreq, for example + Mac OS X. + + o Minor bugfixes (shutdown): + - When shutting down, always call event_del() on lingering read or + write events before freeing them. Otherwise, we risk double-frees + or read-after-frees in event_base_free(). Fixes bug 12985; bugfix on + 0.1.0.2-rc. + + o Minor bugfixes (small memory leaks): + - Avoid leaking memory when using IPv6 virtual address mappings. + Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van der + Woerdt. + + o Minor bugfixes (statistics): + - Increase period over which bandwidth observations are aggregated + from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1. + + o Minor bugfixes (systemd support): + - Fix detection and operation of systemd watchdog. Fixes part of + bug 14141; bugfix on 0.2.6.2-alpha. Patch from Tomasz Torcz. 
+ - Run correctly under systemd with the RunAsDaemon option set. + Fixes part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz + Torcz. + - Inform the systemd supervisor about more changes in the Tor process + status. Implements part of ticket 14141. Patch from Tomasz Torcz. + - Cause the "--disable-systemd" option to actually disable systemd + support. Fixes bug 14350; bugfix on 0.2.6.2-alpha. Patch from + "blueness". + + o Minor bugfixes (TLS): + - Check more thoroughly throughout the TLS code for possible unlogged + TLS errors. Possible diagnostic or fix for bug 13319. + + o Code simplification and refactoring: + - Move fields related to isolating and configuring client ports + into a shared structure. Previously, they were duplicated across + port_cfg_t, listener_connection_t, and edge_connection_t. + Failure to copy one of them correctly had been the cause of at + least one bug in the past. Closes ticket 8546. + - Refactor the get_interface_addresses_raw() Doom-function into + multiple smaller and easier to understand subfunctions. Cover the + resulting subfunctions with unit-tests. Fixes a significant portion + of issue 12376. + - Remove workaround in dirserv_thinks_router_is_hs_dir() that was only + for version <= 0.2.2.24 which is now deprecated. Closes ticket 14202. + - Remove a test for a long-defunct broken version-one directory server. + + o Documentation: + - Adding section on OpenBSD to our TUNING document. Thanks to + mmcc for writing the OpenBSD-specific tips. Resolves ticket + 13702. + - Make the tor-resolve documentation match its help string and its + options. Resolves part of ticket 14325. + - Log a more useful error message from tor-resolve when failing to + look up a hidden service address. Resolves part of ticket 14325. + + o Downgraded warnings: + - Don't warn when we've attempted to contact a relay using the wrong + ntor onion key. Closes ticket 9635. 
+ + o Testing: + - Make the checkdir/perms test complete successfully even if the + global umask is not 022. Fixes bug 14215; bugfix on 0.2.6.2-alpha. + - Test that tor does not fail when key files are zero-length. + Check that tor generates new keys, and overwrites the empty key files. + - Test that tor generates new keys when keys are missing (existing + behaviour). + - Test that tor does not overwrite key files that already contain data + (existing behaviour). + Tests bug 13111. Patch by "teor". + - New "make test-stem" target to run stem integration tests. + Requires that the "STEM_SOURCE_DIR" environment variable be set. + Closes ticket 14107. + - Make the test_cmdline_args.py script work correctly on Windows. + Patch from Gisle Vanem. + - Move the slower unit tests into a new "./src/test/test-slow" binary + that can be run independently of the other tests. Closes ticket 13243. + - Avoid undefined behavior when sampling huge values from the + Laplace distribution. This made unittests fail on Raspberry Pi. + Bug found by Device. Fixes bug 14090; bugfix on 0.2.6.2-alpha. + + + Changes in version 0.2.6.2-alpha - 2014-12-31 Tor 0.2.6.2-alpha is the second alpha release in the 0.2.6.x series. It introduces a major new backend for deciding when to send cells on diff --git a/changes/better_workqueues b/changes/better_workqueues deleted file mode 100644 index 32c984c..0000000 --- a/changes/better_workqueues +++ /dev/null @@ -1,10 +0,0 @@ - o Major features: - - Refactor the CPU worker implementation for better performance by - avoiding the kernel and lengthening pipelines. The original - implementation used sockets to transfer data from the main thread - to the worker threads, and didn't allow any thread to be assigned - more than a single piece of work at once. The new implementation - avoids communications overhead by making requests in shared - memory, avoiding kernel IO where possible, and keeping more - request in flight at once. Resolves issue #9682. - 
diff --git a/changes/bug11791 b/changes/bug11791 deleted file mode 100644 index 51a9327..0000000 --- a/changes/bug11791 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (directory, memory usage): - - When we have recently been under memory pressure (over 3/4 of - MaxMemInQueues is allocated), then allocate smaller zlib objects for - small requests. Closes ticket 11791. diff --git a/changes/bug12485 b/changes/bug12485 deleted file mode 100644 index 53ce33e..0000000 --- a/changes/bug12485 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (Guard nodes): - - Reduce the time delay before saving guard status to disk from 10 - minute to 30 seconds (or from one hour to 10 minutes if - AvoidDiskWrites is set). Closes ticket 12485. diff --git a/changes/bug12509 b/changes/bug12509 deleted file mode 100644 index bb49bd5..0000000 --- a/changes/bug12509 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (automapping): - - Prevent changes to other options from removing the wildcard value "." - from "AutomapHostsSuffixes". - Fixes bug 12509; bugfix on 0.2.0.1-alpha. diff --git a/changes/bug12585 b/changes/bug12585 deleted file mode 100644 index ac03993..0000000 --- a/changes/bug12585 +++ /dev/null @@ -1,12 +0,0 @@ - o Major features (security) - - Implementation of an AF_UNIX socket option to implement a SOCKS - proxy reachable by Unix Domain Socket. This allows client applications to - communicate with Tor without having the ability to create AF_INET or - AF_INET6 family sockets. If an application has permission to create a socket - with AF_UNIX, it may directly communicate with Tor as if it were an other - SOCKS proxy. This should allow high risk applications to be entirely prevented - from connecting directly with TCP/IP, they will be able to only connect to the - internet through AF_UNIX and only through Tor. - To create a socket of this type, use the syntax "unix:/path/to/socket". - Closes ticket 12585. - 
diff --git a/changes/bug12985 b/changes/bug12985 deleted file mode 100644 index 636ae4d..0000000 --- a/changes/bug12985 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (shutdown): - - When shutting down, always call event_del() on lingering read or - write events before freeing them. Otherwise, we risk double-frees - or read-after-frees in event_base_free(). Fixes bug 12985; bugfix on - 0.1.0.2-rc. diff --git a/changes/bug13111-generate-keys-on-empty-file b/changes/bug13111-generate-keys-on-empty-file deleted file mode 100644 index 1d602de..0000000 --- a/changes/bug13111-generate-keys-on-empty-file +++ /dev/null @@ -1,20 +0,0 @@ - o Minor bugfixes (file handling): - - Stop failing when key files are zero-length. Instead, generate new - keys, and overwrite the empty key files. - Fixes bug 13111; bugfix on all versions of Tor. Patch by "teor". - - Stop generating a fresh .old RSA key file when the .old file is - missing. Fixes part of 13111; bugfix on 0.0.6rc1. - - Avoid overwriting .old key files with empty key files. - - o Minor enhancements (file handling): - - Skip loading zero-length extra info store, router store, stats, state, - and key files. - - o Minor enhancements (testing): - - Test that tor does not fail when key files are zero-length. - Check that tor generates new keys, and overwrites the empty key files. - - Test that tor generates new keys when keys are missing (existing - behaviour). - - Test that tor does not overwrite key files that already contain data - (existing behaviour). - Tests bug 13111. Patch by "teor". diff --git a/changes/bug13319 b/changes/bug13319 deleted file mode 100644 index eee95c8..0000000 --- a/changes/bug13319 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Check more thoroughly throughout the TLS code for possible unlogged - TLS errors. Possible diagnostic or fix for bug 13319. - diff --git a/changes/bug13397 b/changes/bug13397 deleted file mode 100644 index 5020928..0000000 --- a/changes/bug13397 +++ /dev/null 
@@ -1,4 +0,0 @@ - o Minor bugfixes: - - Avoid crashing when trying to reload a torrc specified as a relative - path with RunAsDaemon turned on. Fixes bug 13397; bugfix on - 0.2.3.11-alpha. diff --git a/changes/bug13401 b/changes/bug13401 deleted file mode 100644 index e2834a0..0000000 --- a/changes/bug13401 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (testing networks): - - Drop the minimum RendPostPeriod on a testing network to 5 seconds, - and the default to 2 minutes. Closes ticket 13401. Patch by "nickm". - - Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds, - but keep the default at 30 seconds. This reduces HS bootstrap time to - around 25 seconds. Change src/test/test-network.sh default time to match. - Closes ticket 13401. Patch by "teor". diff --git a/changes/bug13661 b/changes/bug13661 deleted file mode 100644 index 7f0cb5e..0000000 --- a/changes/bug13661 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - - Support two-number and three-number version numbers correctly, in - case we change the Tor versioning system in the future. Fixes bug - 13661; bugfix on 0.0.8pre1. - diff --git a/changes/bug13805 b/changes/bug13805 deleted file mode 100644 index 321cd58..0000000 --- a/changes/bug13805 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (systemd): - - Various improvements and modernizations in systemd hardening support. - Closes ticket 13805. Patch from Craig Andrews. diff --git a/changes/bug13806 b/changes/bug13806 deleted file mode 100644 index 0a6b268..0000000 --- a/changes/bug13806 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features (DOS resistance): - - Count the total number of bytes used storing hidden service descriptors - against the value of MaxMemInQueues. If we're low on memory, and more - than 20% of our memory is used holding hidden service descriptors, free - them until no more than 10% of our memory holds hidden service - descriptors. Free the least recently fetched descriptors first. - Resolves ticket 13806. - 
diff --git a/changes/bug13988 b/changes/bug13988 deleted file mode 100644 index e816335..0000000 --- a/changes/bug13988 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (statistics): - - Increase period over which bandwidth observations are aggregated - from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1. diff --git a/changes/bug14001-clang-warning b/changes/bug14001-clang-warning deleted file mode 100644 index 5f8deb7..0000000 --- a/changes/bug14001-clang-warning +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - The address of an array in the middle of a structure will - always be non-NULL. clang recognises this and complains. - Disable the tautologous and redundant check to silence - this warning. - Fixes bug 14001; bugfix on 0.2.1.2-alpha. - diff --git a/changes/bug14067-TestingDirAuthVoteHSDir b/changes/bug14067-TestingDirAuthVoteHSDir deleted file mode 100644 index c276e22..0000000 --- a/changes/bug14067-TestingDirAuthVoteHSDir +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (authorities, testing): - - Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard. - Ensures that authorities vote the HSDir flag for the listed - relays regardless of uptime or ORPort connectivity. - Respects the value of VoteOnHidServDirectoriesV2. - Partial implementation for ticket 14067. Patch by "teor". diff --git a/changes/bug14072 b/changes/bug14072 deleted file mode 100644 index c810616..0000000 --- a/changes/bug14072 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (build): - - Avoid warnings when building with systemd 209 or later. - Fixes bug 14072; bugfix on 0.2.6.2-alpha. Patch from "h.venev". diff --git a/changes/bug14084 b/changes/bug14084 deleted file mode 100644 index c7f053e..0000000 --- a/changes/bug14084 +++ /dev/null 
@@ -1,6 +0,0 @@ - o Minor features: - - New option "HiddenServiceAllowUnknownPorts" to allow hidden - services to disable the anti-scanning feature introduced in - 0.2.6.2-alpha. With this option not set, a connection to an - unlisted port closes the circuit. With this option set, only a - RELAY_DONE cell is sent. Closes ticket #14084. \ No newline at end of file diff --git a/changes/bug14090 b/changes/bug14090 deleted file mode 100644 index d6a6df4..0000000 --- a/changes/bug14090 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Avoid undefined behavior when sampling huge values from the - Laplace distribution. This made unittests fail on Raspberry Pi. - Bug found by Device. Fixes bug 14090; bugfix on 0.2.6.2-alpha. diff --git a/changes/bug14106 b/changes/bug14106 deleted file mode 100644 index cf6e568..0000000 --- a/changes/bug14106 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden services): - - Successfully launch Tor with a nonexistent hidden service directory. - Our fix for bug 13942 didn't catch this case. Fixes bug 14106; - bugfix on 0.2.6.2-alpha. diff --git a/changes/bug14116_025 b/changes/bug14116_025 deleted file mode 100644 index 0859f62..0000000 --- a/changes/bug14116_025 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (controller): - - Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug 14116; - bugfix on 0.2.2.9-alpha. diff --git a/changes/bug14123 b/changes/bug14123 deleted file mode 100644 index 1220a04..0000000 --- a/changes/bug14123 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (small memory leaks): - - Avoid leaking memory when using IPv6 virtual address mappings. - Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van der - Woerdt. \ No newline at end of file diff --git a/changes/bug14125 b/changes/bug14125 deleted file mode 100644 index d8df37d..0000000 --- a/changes/bug14125 +++ /dev/null 
@@ -1,5 +0,0 @@ - o Minor bugfixes (dirauth): - - Enlarge the buffer to read bw-auth generated files to avoid an - issue when parsing the file in dirserv_read_measured_bandwidths(). - Fixes bug 14125; bugfix on 0.2.2.1-alpha. - diff --git a/changes/bug14129 b/changes/bug14129 deleted file mode 100644 index 6153cd8..0000000 --- a/changes/bug14129 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (exit node stability): - - - Fix an assertion failure that could occur under high DNS load. Fixes - bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed - by "cypherpunks". - - diff --git a/changes/bug14141 b/changes/bug14141 deleted file mode 100644 index 75cdcd5..0000000 --- a/changes/bug14141 +++ /dev/null @@ -1,11 +0,0 @@ - o Minor bugfixes (systemd support): - - Fix detection and operation of systemd watchdog. Fixes part of - bug 14141; bugfix on 0.2.6.2-alpha. Patch from Tomasz Torcz. - - - Run correctly under systemd with the RunAsDaemon option set. - Fixes part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz - Torcz. - - o Minor featurs (systemd support): - - Inform the systemd supervisor about more changes in the Tor process - status. Implements part of ticket 14141. Patch from Tomasz Torcz. \ No newline at end of file diff --git a/changes/bug14142-parse-virtual-addr b/changes/bug14142-parse-virtual-addr deleted file mode 100644 index ee63545..0000000 --- a/changes/bug14142-parse-virtual-addr +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (client): - - Check for a missing option value in parse_virtual_addr_network - before asserting on the NULL in tor_addr_parse_mask_ports. - This avoids crashing on torrc lines like - Vi[rtualAddrNetworkIPv[4|6]] when no value follows the option. - Fixes bug 14142; bugfix on 0.2.4.7-alpha. - Patch by "teor". diff --git a/changes/bug14149 b/changes/bug14149 deleted file mode 100644 index d655a14..0000000 --- a/changes/bug14149 +++ /dev/null 
@@ -1,4 +0,0 @@ - o Minor features (hidden service parameters): - - Make hidden service Sybil attacks harder by changing the minimum - time required to become an HSDir from 25 hours up to 96 hours. - Addresses ticket #14149. \ No newline at end of file diff --git a/changes/bug14193 b/changes/bug14193 deleted file mode 100644 index a700668..0000000 --- a/changes/bug14193 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (client DNS): - - Report the correct cached DNS expiration times. Previously, we - would report everything as "never expires." Fixes bug 14193; - bugfix on 0.2.3.17-beta. diff --git a/changes/bug14195 b/changes/bug14195 deleted file mode 100644 index d2b82f3..0000000 --- a/changes/bug14195 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (client): - - Fix a memory leak when using AutomapHostsOnResolve. - Fixes bug 14195; bugfix on 0.1.0.1-rc. diff --git a/changes/bug14202 b/changes/bug14202 deleted file mode 100644 index 79f7537..0000000 --- a/changes/bug14202 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor cleanup: - - Remove workaround in dirserv_thinks_router_is_hs_dir() that was only - for version <= 0.2.2.24 which is now deprecated. Closes ticket 14202. diff --git a/changes/bug14207 b/changes/bug14207 deleted file mode 100644 index b382f82..0000000 --- a/changes/bug14207 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (controller): - - Add a code for the END_CIRC_REASON_IP_NOW_REDUNDANT circuit close - reason. Fixes bug 14207; bugfix on 0.2.6.2-alpha. diff --git a/changes/bug14215 b/changes/bug14215 deleted file mode 100644 index 70bcdaa..0000000 --- a/changes/bug14215 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (tests): - - Make the checkdir/perms test complete successfully even if the - global umask is not 022. Fixes bug 14215; bugfix on 0.2.6.2-alpha. - - diff --git a/changes/bug14216 b/changes/bug14216 deleted file mode 100644 index 47893ce..0000000 --- a/changes/bug14216 +++ /dev/null 
@@ -1,5 +0,0 @@ - o Minor bugfixes: - - When we are using bridges and we had a network connectivity problem, only - retry connecting to our currently configured bridges, not all bridges we - know about and remember using. - Fixes bug 14216; bugfix on tor-0.2.2.17-alpha. Patch from arma. diff --git a/changes/bug14219 b/changes/bug14219 deleted file mode 100644 index 9d845db..0000000 --- a/changes/bug14219 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (hidden services): - - - When fetching a hidden service descriptor for a down service that we - recently up, do not keep refetching until we try the same replica twice - in a row. Fixes bug 14219; bugfix on 0.2.0.10-alpha. - diff --git a/changes/bug14220 b/changes/bug14220 deleted file mode 100644 index 51cfa50..0000000 --- a/changes/bug14220 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Build without warnings with the stock OpenSSL srtp.h header, - which has a duplicate declaration of SSL_get_selected_srtp_profile(). - Fixes bug 14220; this is OpenSSL's bug, not ours. diff --git a/changes/bug14224 b/changes/bug14224 deleted file mode 100644 index 031b000..0000000 --- a/changes/bug14224 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor Bugfix - - Close the intro circuit once we don't have any more usable intro - points instead of making it timeout at some point. This also make sure - no extra HS descriptor fetch is triggered. - Fixes bug 14224; bugfix on 0.0.6. - - diff --git a/changes/bug14259 b/changes/bug14259 deleted file mode 100644 index 1b5b9b8..0000000 --- a/changes/bug14259 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (client): - - Avoid a small memory leak when we find a cached answer for a reverse - DNS lookup in a client-side DNS cache. (Remember, client-side DNS - caching is off by default, and is not recommended.) Fixes bug 14259; - bugfix on 0.2.0.1-alpha. - diff --git a/changes/bug14261 b/changes/bug14261 deleted file mode 100644 index 8ab556c..0000000 
--- a/changes/bug14261 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (directory authority): - - Allow directory authorities to fetch more data from one - another if they find themselves missing lots of votes. - Previously, they had been bumping against the 10 MB queued - data limit. Fixes bug 14261; bugfix on 0.1.2.5-alpha. diff --git a/changes/bug14280 b/changes/bug14280 deleted file mode 100644 index 917d40c..0000000 --- a/changes/bug14280 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Reject socks requests to literal IPv6 addresses when IPv6Traffic - flag is not set; and not because the NoIPv4Traffic flag was set. - Previously we'd looked at the NoIPv4Traffic flag for both types - of literal addresses. Fixes bug 14280; bugfix on 0.2.4.7-alpha. diff --git a/changes/bug14350 b/changes/bug14350 deleted file mode 100644 index 8b85798..0000000 --- a/changes/bug14350 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Cause the "--disable-systemd" option to actually disable systemd - support. Fixes bug 14350; bugfix on 0.2.6.2-alpha. Patch from - "blueness". \ No newline at end of file diff --git a/changes/bug14451 b/changes/bug14451 deleted file mode 100644 index 197cd59..0000000 --- a/changes/bug14451 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - ControlPort now supports the unix:/path/to/dir syntax as an alternative - to the ControlSocket option, for consistency with SocksPort and - hidden services. Closes ticket 14451. - diff --git a/changes/bug14740 b/changes/bug14740 deleted file mode 100644 index 5cac620..0000000 --- a/changes/bug14740 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Avoid crashing when there are more log domains than entries in - domain_list. Bugfix on 0.2.3.1-alpha. - - Add a string representation for LD_SCHED. Fixes bug 14740; - bugfix on 0.2.6.1-alpha. diff --git a/changes/bug6852 b/changes/bug6852 deleted file mode 100644 index 9bafef8..0000000 --- a/changes/bug6852 +++ /dev/null 
@@ -1,3 +0,0 @@ - o Minor features: - - Add a unique client counter to the heartbeat message. Resolves - ticket 6852. diff --git a/changes/bug7555 b/changes/bug7555 deleted file mode 100644 index a43ff73..0000000 --- a/changes/bug7555 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (client): - - Allow MapAddress and AutomapHostsOnResolve to work together when an - address is mapped into another address type that must be - automapped at resolve time. Fixes bug 7555; bugfix on - 0.2.0.1-alpha. diff --git a/changes/bug8546 b/changes/bug8546 deleted file mode 100644 index 9e79b4f..0000000 --- a/changes/bug8546 +++ /dev/null @@ -1,6 +0,0 @@ - o Code simplification and refactoring: - - Move fields related to isolating and configuring client ports - into a shared structure. Previously, they were duplicated across - port_cfg_t, listener_connection_t, and edge_connection_t. - Failure to copy one of them correctly had been the cause of at - least one bug in the past. Closes ticket 8546. diff --git a/changes/bug9286 b/changes/bug9286 deleted file mode 100644 index 062a7a0..0000000 --- a/changes/bug9286 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (parsing): - - Stop accepting milliseconds (or other junk) at the end of - descriptor publication times. Fixes bug 9286; bugfix on - 0.0.2pre25. \ No newline at end of file diff --git a/changes/bug9635 b/changes/bug9635 deleted file mode 100644 index 17a2ea5..0000000 --- a/changes/bug9635 +++ /dev/null @@ -1,3 +0,0 @@ - o Downgraded warnings: - - Don't warn when we've attempted to contact a relay using the wrong - ntor onion key. Closes ticket 9635. diff --git a/changes/bug9819 b/changes/bug9819 deleted file mode 100644 index 7220d2a..0000000 --- a/changes/bug9819 +++ /dev/null 
@@ -1,8 +0,0 @@ - o Major bugfixes (mixed relay-client operation): - - - When running as a relay and a client at the same time (not - recommended), if we decide not to use a new guard because we - want to retry older guards, only close the locally-originating - circuits passing through that guard. Previously we would close - all the circuits. Fixes bug 9819; bugfix on - 0.2.1.1-alpha. Reported by "skruffy". diff --git a/changes/doc13702 b/changes/doc13702 deleted file mode 100644 index 917dca3..0000000 --- a/changes/doc13702 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - Adding section on OpenBSD to our TUNING document. Thanks to - mmcc for writing the OpenBSD-specific tips. Resolves ticket - 13702. diff --git a/changes/feature10067 b/changes/feature10067 deleted file mode 100644 index 3a387d0..0000000 --- a/changes/feature10067 +++ /dev/null @@ -1,12 +0,0 @@ - o Major features (changed defaults): - - Prevent relay operators from unintentionally running exits: When - a relay is configured as an exit node, we now warn the user - unless the 'ExitRelay' option is set to 1. We warn even more - loudly if the relay is configured with the default exit policy, - since this tends to indicate accidental misconfiguration. - Setting 'ExitRelay' to 0 stops Tor from running as an exit relay. - Closes ticket 10067. - - o Removed features: - - To avoid confusion with the 'ExitRelay' option, 'ExitNode' is no - longer silently accepted as an alias for 'ExitNodes'. diff --git a/changes/feature13865 b/changes/feature13865 deleted file mode 100644 index 48291b4..0000000 --- a/changes/feature13865 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Implement '-f -' CLI suboption to allow torrc to be read - from standard input, thus not requiring to store torrc in file - system. Implements feature 13865. - diff --git a/changes/feature14015 b/changes/feature14015 deleted file mode 100644 index bd09b49..0000000 --- a/changes/feature14015 +++ /dev/null 
@@ -1,3 +0,0 @@ - o Minor features (logging, hidden services): - - Elevate authorized-client message from DEBUG to INFO. Closes - ticket 14015. diff --git a/changes/feature8405 b/changes/feature8405 deleted file mode 100644 index ac4a361..0000000 --- a/changes/feature8405 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (controller): - - Include SOCKS_USERNAME and SOCKS_PASSWORD values in controller - events to let controllers observe circuit isolation inputs. - Closes ticket 8405. diff --git a/changes/fix-test-cmdline-args b/changes/fix-test-cmdline-args deleted file mode 100644 index 6902d19..0000000 --- a/changes/fix-test-cmdline-args +++ /dev/null @@ -1,4 +0,0 @@ - o Testing: - - Make the test_cmdline_args.py script work correctly on Windows. - Patch from Gisle Vanem. - \ No newline at end of file diff --git a/changes/geoip-january2015 b/changes/geoip-january2015 deleted file mode 100644 index 67324f2..0000000 --- a/changes/geoip-january2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the January 7 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip6-january2015 b/changes/geoip6-january2015 deleted file mode 100644 index b86fe2b..0000000 --- a/changes/geoip6-january2015 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features: - - Update geoip6 to the January 7 2015 Maxmind GeoLite2 Country database. diff --git a/changes/prop227 b/changes/prop227 deleted file mode 100644 index cd47fe2..0000000 --- a/changes/prop227 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (directory system): - - Authorities can now vote on the correct digests and latest versions for - different software packages. This allows packages that include Tor to use - the Tor authority system as a way to get notified of updates and their - correct digests. Implements proposal 227. Closes ticket 10395. diff --git a/changes/remove-bad-fp b/changes/remove-bad-fp deleted file mode 100644 index 190013d..0000000 --- a/changes/remove-bad-fp +++ /dev/null 
@@ -1,3 +0,0 @@ - o Removed features: - - Remove a test for a long-defunct broken version-one directory server. - diff --git a/changes/ticket11485 b/changes/ticket11485 deleted file mode 100644 index 9d341c5..0000000 --- a/changes/ticket11485 +++ /dev/null @@ -1,3 +0,0 @@ - o Features (hidden services): - - Support mapping hidden service virtual ports to AF_UNIX sockets on - suitable platforms. Resolves ticket #11485. diff --git a/changes/ticket11737 b/changes/ticket11737 deleted file mode 100644 index 5c5f9dc..0000000 --- a/changes/ticket11737 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Prevent bugs from causing infinite loops in our hash-table - iteration code by adding assertions that cached hash values have - not been corrupted. Closes ticket 11737. diff --git a/changes/ticket12376_part2 b/changes/ticket12376_part2 deleted file mode 100644 index 13f9bb5..0000000 --- a/changes/ticket12376_part2 +++ /dev/null @@ -1,11 +0,0 @@ - o Major refactoring: - - Refactor the get_interface_addresses_raw() Doom-function into - multiple smaller and easier to understand subfunctions. Cover the - resulting subfunctions with unit-tests. Fixes a significant portion - of issue 12376. - - o Minor bugfixes: - - Fix the ioctl()-based network interface lookup code so that it will - work on systems that have variable-length struct ifreq, for example - Mac OS X. - diff --git a/changes/ticket13037 b/changes/ticket13037 deleted file mode 100644 index 24c4100..0000000 --- a/changes/ticket13037 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (build): - - New --disable-system-torrc compile-time option to prevent Tor from - looking for a system-wide torrc or torrc-defaults tile. Resolves - ticket 13037. diff --git a/changes/ticket13243 b/changes/ticket13243 deleted file mode 100644 index ad6e4de..0000000 --- a/changes/ticket13243 +++ /dev/null 
@@ -1,3 +0,0 @@ - o Testing: - - Move the slower unit tests into a new "./src/test/test-slow" binary - that can be run independently of the other tests. Closes ticket 13243. diff --git a/changes/ticket13762 b/changes/ticket13762 deleted file mode 100644 index 0c1a568..0000000 --- a/changes/ticket13762 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Suppress "router info incompatible with extra info" message when - reading extrainfo documents from cache. (This message got loud - around when we closed bug 9812 in 0.2.6.2-alpha.) Closes ticket - 13762. diff --git a/changes/ticket14107 b/changes/ticket14107 deleted file mode 100644 index e4ba6be..0000000 --- a/changes/ticket14107 +++ /dev/null @@ -1,6 +0,0 @@ - o Testing: - - - New "make test-stem" target to run stem integration tests. - Requires that the "STEM_SOURCE_DIR" environment variable be set. - Closes ticket 14107. - diff --git a/changes/ticket14128 b/changes/ticket14128 deleted file mode 100644 index 38b25fa..0000000 --- a/changes/ticket14128 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (controller): - - New "GETINFO bw-event-cache" to get information about recent bandwidth - events. Closes ticket 14128. Useful for controllers to get recent - bandwidth history after the fix for 13988. - diff --git a/changes/ticket14188_part1 b/changes/ticket14188_part1 deleted file mode 100644 index 6e71da8..0000000 --- a/changes/ticket14188_part1 +++ /dev/null @@ -1,4 +0,0 @@ - o Compilation fixes: - - Compile correctly with (unreleased) OpenSSL 1.1.0 headers. - Addresses ticket 14188. - diff --git a/changes/ticket14325 b/changes/ticket14325 deleted file mode 100644 index 27c27f5..0000000 --- a/changes/ticket14325 +++ /dev/null @@ -1,5 +0,0 @@ - o Documentation: - - Make the tor-resolve documentation match its help string and its - options. Resolves part of ticket 14325. - - Log a more useful error message from tor-resolve when failing to - look up a hidden service address. Resolves part of ticket 14325. 
diff --git a/changes/ticket9969 b/changes/ticket9969 deleted file mode 100644 index c208e26..0000000 --- a/changes/ticket9969 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features (directory client): - - When downloading server- or microdescriptors from a directory server, - we no longer launch multiple simultaneous requests to the same server. - This reduces load on the directory servers, especially when directory - guards are in use. Closes ticket 9969. - - When downloading server- or microdescriptors over a tunneled - connection, do not limit the length of our request to what the Squid - proxy is willing to handle. Part of ticket 9969.
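Review bot: In changes/bug14125 the entry says the larger buffer avoids "an issue when parsing the file" without saying what the issue is. Since dirserv_read_measured_bandwidths() reads files produced by another program, the release text should state the symptom (for example whether long lines were truncated or rejected) so directory authority operators can tell whether they were affected.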
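Review bot: In changes/bug14141 the second heading is misspelled as "o Minor featurs (systemd support):" and should read "Minor features (systemd support)". Because this commit only sorts the entries into the ChangeLog, the typo travels with the text unless it is corrected there. The same heading sits directly after a "Minor bugfixes" block in one file, so check that the two end up under their own sections after sorting.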
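Review bot: The changes/bug14219 entry is missing a word in "for a down service that we recently up", so the condition being described cannot be read off the sentence. Supply the missing verb before this becomes release text, and confirm the intended meaning with the author of the fix rather than guessing at it.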
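Review bot: The heading in changes/bug14224 is "o Minor Bugfix", which matches none of the other headings and carries no subsystem tag, so it will not sort next to "o Minor bugfixes (hidden services):" from changes/bug14219 even though it concerns intro circuits and HS descriptor fetches. Suggest renaming it to that heading, and fixing "This also make sure" to "This also makes sure" in the body.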
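Review bot: In changes/bug14740 the first item ends with "Bugfix on 0.2.3.1-alpha." and names no bug number, while only the second item says "Fixes bug 14740". If both items belong to that ticket, word them the way changes/bug14141 does ("Fixes part of bug 14141") so the crash fix for too many log domains stays traceable once the items are separated in the ChangeLog.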
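Review bot: The changes/bug14216 entry writes its version as "bugfix on tor-0.2.2.17-alpha", while the other entries use the bare form, as in "bugfix on 0.2.4.7-alpha". Drop the "tor-" prefix for consistency. This entry, changes/bug14280 and changes/bug14350 also use an untagged "o Minor bugfixes:" heading; a subsystem tag (bridges, client, build) would let them sort with the related entries.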
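Review bot: The changes/feature8405 entry does not say which controller events now include the SOCKS_USERNAME and SOCKS_PASSWORD values. These are credential-shaped fields that become visible to any controller receiving those events, so the entry should name the events; operators who log or forward controller output need that to judge what is newly exposed.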
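Review bot: In changes/ticket13037 the phrase "torrc-defaults tile" should be "torrc-defaults file". Separately, changes/bug14149 and changes/ticket11485 write their references as "ticket #14149" and "ticket #11485", while every other entry omits the "#"; normalize these while the entries are being edited.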
tor-commits@lists.torproject.org