[tor-commits] [tor/release-0.4.4] forward-port changelog and release-notes from 0.4.3.5

nickm at torproject.org nickm at torproject.org
Mon Jun 15 20:43:23 UTC 2020


commit 85c0ba1cfb08adb08d674a549d4cfbe7ee050b31
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Jun 15 16:43:09 2020 -0400

    forward-port changelog and release-notes from 0.4.3.5
---
 ChangeLog    |  39 ++++
 ReleaseNotes | 614 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 653 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 1efcbcf00..9ddbfa95f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,42 @@
+Changes in version 0.4.3.5 - 2020-05-15
+  Tor 0.4.3.5 is the first stable release in the 0.4.3.x series. This
+  series adds support for building without relay code enabled, and
+  implements functionality needed for OnionBalance with v3 onion
+  services. It includes significant refactoring of our configuration and
+  controller functionality, and fixes numerous smaller bugs and
+  performance issues.
+
+  Per our support policy, we support each stable release series for nine
+  months after its first stable release, or three months after the first
+  stable release of the next series: whichever is longer. This means
+  that 0.4.3.x will be supported until around February 2021--later, if
+  0.4.4.x is later than anticipated.
+
+  Note also that support for 0.4.1.x is about to end on May 20 of this
+  year; 0.4.2.x will be supported until September 15. We still plan to
+  continue supporting 0.3.5.x, our long-term stable series, until
+  Feb 2022.
+
+  Below are the changes since 0.4.3.4-rc. For a complete list of changes
+  since 0.4.2.6, see the ReleaseNotes file.
+
+  o Minor bugfixes (compiler compatibility):
+    - Avoid compiler warnings from Clang 10 related to the use of GCC-
+      style "/* falls through */" comments. Both Clang and GCC allow
+      __attribute__((fallthrough)) instead, so that's what we're using
+      now. Fixes bug 34078; bugfix on 0.3.1.3-alpha.
+    - Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix
+      on 0.4.0.3-alpha.
+
+  o Minor bugfixes (logging):
+    - Stop truncating IPv6 addresses and ports in channel and connection
+      logs. Fixes bug 33918; bugfix on 0.2.4.4-alpha.
+    - Fix a logic error in a log message about whether an address was
+      invalid. Previously, the code would never report that onion
+      addresses were onion addresses. Fixes bug 34131; bugfix
+      on 0.4.3.1-alpha.
+
+
 Changes in version 0.4.3.4-rc - 2020-04-13
   Tor 0.4.3.4-rc is the first release candidate in its series. It fixes
   several bugs from earlier versions, including one affecting DoS
diff --git a/ReleaseNotes b/ReleaseNotes
index a241da302..a572293c0 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -3,6 +3,620 @@ release of Tor. If you want to see more detailed descriptions of the
 changes in each development snapshot, see the ChangeLog file.
 
 
+Changes in version 0.4.3.5 - 2020-05-15
+  Tor 0.4.3.5 is the first stable release in the 0.4.3.x series. This
+  series adds support for building without relay code enabled, and
+  implements functionality needed for OnionBalance with v3 onion
+  services. It includes significant refactoring of our configuration and
+  controller functionality, and fixes numerous smaller bugs and
+  performance issues.
+
+  Per our support policy, we support each stable release series for nine
+  months after its first stable release, or three months after the first
+  stable release of the next series: whichever is longer. This means
+  that 0.4.3.x will be supported until around February 2021--later, if
+  0.4.4.x is later than anticipated.
+
+  Note also that support for 0.4.1.x is about to end on May 20 of this
+  year; 0.4.2.x will be supported until September 15. We still plan to
+  continue supporting 0.3.5.x, our long-term stable series, until
+  Feb 2022.
+
+  Below are the changes since 0.4.2.6. For a list of only the changes
+  since 0.4.3.4-rc, see the ChangeLog file.
+
+  o New system requirements:
+    - When building Tor, you now need to have Python 3 in order to run
+      the integration tests. (Python 2 is officially unsupported
+      upstream, as of 1 Jan 2020.) Closes ticket 32608.
+
+  o Major features (build system):
+    - The relay code can now be disabled using the --disable-module-relay
+      configure option. When this option is set, we also disable the
+      dirauth module. Closes ticket 32123.
+    - When Tor is compiled --disable-module-relay, we also omit the code
+      used to act as a directory cache. Closes ticket 32487.
+
+  o Major features (directory authority, ed25519):
+    - Add support for banning a relay's ed25519 keys in the approved-
+      routers file. This will help us migrate away from RSA keys in the
+      future. Previously, only RSA keys could be banned in approved-
+      routers. Resolves ticket 22029. Patch by Neel Chauhan.
+
+  o Major features (onion services):
+    - New control port commands to manage client-side onion service
+      authorization credentials. The ONION_CLIENT_AUTH_ADD command adds
+      a credential, ONION_CLIENT_AUTH_REMOVE deletes a credential, and
+      ONION_CLIENT_AUTH_VIEW lists the credentials. Closes ticket 30381.
+    - Introduce a new SocksPort flag, ExtendedErrors, to support more
+      detailed error codes in information for applications that support
+      them. Closes ticket 30382; implements proposal 304.
+
+  o Major features (proxy):
+    - In addition to its current supported proxy types (HTTP CONNECT,
+      SOCKS4, and SOCKS5), Tor can now make its OR connections through a
+      HAProxy server. A new torrc option was added to specify the
+      address/port of the server: TCPProxy <protocol> <host>:<port>.
+      Currently the only supported protocol for the option is haproxy.
+      Closes ticket 31518. Patch done by Suphanat Chunhapanya (haxxpop).
+
+  o Major bugfixes (security, denial-of-service):
+    - Fix a denial-of-service bug that could be used by anyone to
+      consume a bunch of CPU on any Tor relay or authority, or by
+      directories to consume a bunch of CPU on clients or hidden
+      services. Because of the potential for CPU consumption to
+      introduce observable timing patterns, we are treating this as a
+      high-severity security issue. Fixes bug 33119; bugfix on
+      0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
+      as TROVE-2020-002 and CVE-2020-10592.
+
+  o Major bugfixes (circuit padding, memory leak):
+    - Avoid a remotely triggered memory leak in the case that a circuit
+      padding machine is somehow negotiated twice on the same circuit.
+      Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
+      This is also tracked as TROVE-2020-004 and CVE-2020-10593.
+
+  o Major bugfixes (directory authority):
+    - Directory authorities will now send a 503 (not enough bandwidth)
+      code to clients when under bandwidth pressure. Known relays and
+      other authorities will always be answered regardless of the
+      bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.
+
+  o Major bugfixes (DoS defenses, bridges, pluggable transport):
+    - Fix a bug that was preventing DoS defenses from running on bridges
+      with a pluggable transport. Previously, the DoS subsystem was not
+      given the transport name of the client connection, thus failed to
+      find the GeoIP cache entry for that client address. Fixes bug
+      33491; bugfix on 0.3.3.2-alpha.
+
+  o Major bugfixes (networking):
+    - Correctly handle IPv6 addresses in SOCKS5 RESOLVE_PTR requests,
+      and accept strings as well as binary addresses. Fixes bug 32315;
+      bugfix on 0.3.5.1-alpha.
+
+  o Major bugfixes (onion service):
+    - Report HS circuit failure back into the HS subsystem so we take
+      appropriate action with regards to the client introduction point
+      failure cache. This improves reachability of onion services, since
+      now clients notice failing introduction circuits properly. Fixes
+      bug 32020; bugfix on 0.3.2.1-alpha.
+
+  o Minor feature (heartbeat, onion service):
+    - Add the DoS INTRODUCE2 defenses counter to the heartbeat DoS
+      message. Closes ticket 31371.
+
+  o Minor feature (sendme, flow control):
+    - Default to sending SENDME version 1 cells. (Clients are already
+      sending these, because of a consensus parameter telling them to do
+      so: this change only affects what clients would do if the
+      consensus didn't contain a recommendation.) Closes ticket 33623.
+
+  o Minor features (best practices tracker):
+    - Practracker now supports a --regen-overbroad option to regenerate
+      the exceptions file, but only to revise exceptions to be _less_
+      tolerant of best-practices violations. Closes ticket 32372.
+
+  o Minor features (configuration validation):
+    - Configuration validation can now be done by per-module callbacks,
+      rather than a global validation function. This will let us reduce
+      the size of config.c and some of its more cumbersome functions.
+      Closes ticket 31241.
+
+  o Minor features (configuration):
+    - If a configured hardware crypto accelerator in AccelName is
+      prefixed with "!", Tor now exits when it cannot be found. Closes
+      ticket 32406.
+    - We now use flag-driven logic to warn about obsolete configuration
+      fields, so that we can include their names. In 0.4.2, we used a
+      special type, which prevented us from generating good warnings.
+      Implements ticket 32404.
+
+  o Minor features (configure, build system):
+    - Output a list of enabled/disabled features at the end of the
+      configure process in a pleasing way. Closes ticket 31373.
+
+  o Minor features (continuous integration):
+    - Run Doxygen Makefile target on Travis, so we can learn about
+      regressions in our internal documentation. Closes ticket 32455.
+    - Stop allowing failures on the Travis CI stem tests job. It looks
+      like all the stem hangs we were seeing before are now fixed.
+      Closes ticket 33075.
+
+  o Minor features (controller):
+    - Add stream isolation data to STREAM event. Closes ticket 19859.
+    - Implement a new GETINFO command to fetch microdescriptor
+      consensus. Closes ticket 31684.
+
+  o Minor features (debugging, directory system):
+    - Don't crash when we find a non-guard with a guard-fraction value
+      set. Instead, log a bug warning, in an attempt to figure out how
+      this happened. Diagnostic for ticket 32868.
+
+  o Minor features (defense in depth):
+    - Add additional checks around tor_vasprintf() usage, in case the
+      function returns an error. Patch by Tobias Stoeckmann. Fixes
+      ticket 31147.
+
+  o Minor features (developer tools):
+    - Remove the 0.2.9.x series branches from git scripts (git-merge-
+      forward.sh, git-pull-all.sh, git-push-all.sh, git-setup-dirs.sh).
+      Closes ticket 32772.
+    - Add a check_cocci_parse.sh script that checks that new code is
+      parseable by Coccinelle. Add an exceptions file for unparseable
+      files, and run the script from travis CI. Closes ticket 31919.
+    - Call the check_cocci_parse.sh script from a 'check-cocci' Makefile
+      target. Closes ticket 31919.
+    - Add a rename_c_identifiers.py tool to rename a bunch of C
+      identifiers at once, and generate a well-formed commit message
+      describing the change. This should help with refactoring. Closes
+      ticket 32237.
+    - Add some scripts in "scripts/coccinelle" to invoke the Coccinelle
+      semantic patching tool with the correct flags. These flags are
+      fairly easy to forget, and these scripts should help us use
+      Coccinelle more effectively in the future. Closes ticket 31705.
+
+  o Minor features (diagnostic):
+    - Improve assertions and add some memory-poisoning code to try to
+      track down possible causes of a rare crash (32564) in the EWMA
+      code. Closes ticket 33290.
+
+  o Minor features (directory authorities):
+    - Directory authorities now reject descriptors from relays running
+      Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is
+      still allowed. Resolves ticket 32672. Patch by Neel Chauhan.
+
+  o Minor features (Doxygen):
+    - Update Doxygen configuration file to a more recent template (from
+      1.8.15). Closes ticket 32110.
+    - "make doxygen" now works with out-of-tree builds. Closes
+      ticket 32113.
+    - Make sure that doxygen outputs documentation for all of our C
+      files. Previously, some were missing @file declarations, causing
+      them to be ignored. Closes ticket 32307.
+    - Our "make doxygen" target now respects --enable-fatal-warnings by
+      default, and does not warn about items that are missing
+      documentation. To warn about missing documentation, run configure
+      with the "--enable-missing-doc-warnings" flag: doing so suspends
+      fatal warnings for doxygen. Closes ticket 32385.
+
+  o Minor features (git scripts):
+    - Add TOR_EXTRA_CLONE_ARGS to git-setup-dirs.sh for git clone
+      customisation. Closes ticket 32347.
+    - Add git-setup-dirs.sh, which sets up an upstream git repository
+      and worktrees for tor maintainers. Closes ticket 29603.
+    - Add TOR_EXTRA_REMOTE_* to git-setup-dirs.sh for a custom extra
+      remote. Closes ticket 32347.
+    - Call the check_cocci_parse.sh script from the git commit and push
+      hooks. Closes ticket 31919.
+    - Make git-push-all.sh skip unchanged branches when pushing to
+      upstream. The script already skipped unchanged test branches.
+      Closes ticket 32216.
+    - Make git-setup-dirs.sh create a master symlink in the worktree
+      directory. Closes ticket 32347.
+    - Skip unmodified source files when doing some existing git hook
+      checks. Related to ticket 31919.
+
+  o Minor features (IPv6, client):
+    - Make Tor clients tell dual-stack exits that they prefer IPv6
+      connections. This change is equivalent to setting the PreferIPv6
+      flag on SOCKSPorts (and most other listener ports). Tor Browser
+      has been setting this flag for some time, and we want to remove a
+      client distinguisher at exits. Closes ticket 32637.
+
+  o Minor features (portability, android):
+    - When building for Android, disable some tests that depend on $HOME
+      and/or pwdb, which Android doesn't have. Closes ticket 32825.
+      Patch from Hans-Christoph Steiner.
+
+  o Minor features (relay modularity):
+    - Split the relay and server pluggable transport config code into
+      separate files in the relay module. Disable this code when the
+      relay module is disabled. Closes part of ticket 32213.
+    - When the relay module is disabled, reject attempts to set the
+      ORPort, DirPort, DirCache, BridgeRelay, ExtORPort, or
+      ServerTransport* options, rather than ignoring the values of these
+      options. Closes part of ticket 32213.
+    - When the relay module is disabled, change the default config so
+      that DirCache is 0, and ClientOnly is 1. Closes ticket 32410.
+
+  o Minor features (release tools):
+    - Port our ChangeLog formatting and sorting tools to Python 3.
+      Closes ticket 32704.
+
+  o Minor features (testing):
+    - The unit tests now support a "TOR_SKIP_TESTCASES" environment
+      variable to specify a list of space-separated test cases that
+      should not be executed. We will use this to disable certain tests
+      that are failing on Appveyor because of mismatched OpenSSL
+      libraries. Part of ticket 33643.
+    - Detect some common failure cases for test_parseconf.sh in
+      src/test/conf_failures. Closes ticket 32451.
+    - Allow test_parseconf.sh to test expected log outputs for successful
+      configs, as well as failed configs. Closes ticket 32451.
+    - The test_parseconf.sh script now supports result variants for any
+      combination of the optional libraries lzma, nss, and zstd. Closes
+      ticket 32397.
+    - When running the unit tests on Android, create temporary files in
+      a subdirectory of /data/local/tmp. Closes ticket 32172. Based on a
+      patch from Hans-Christoph Steiner.
+
+  o Minor features (usability):
+    - Include more information when failing to parse a configuration
+      value. This should make it easier to tell what's going wrong when
+      a configuration file doesn't parse. Closes ticket 33460.
+
+  o Minor bugfix (relay, configuration):
+    - Warn if the ContactInfo field is not set, and tell the relay
+      operator that not having a ContactInfo field set might cause their
+      relay to get rejected in the future. Fixes bug 33361; bugfix
+      on 0.1.1.10-alpha.
+
+  o Minor bugfixes (bridges):
+    - Lowercase the configured value of BridgeDistribution before adding
+      it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.
+
+  o Minor bugfixes (build system):
+    - Fix "make autostyle" for out-of-tree builds. Fixes bug 32370;
+      bugfix on 0.4.1.2-alpha.
+
+  o Minor bugfixes (compiler compatibility):
+    - Avoid compiler warnings from Clang 10 related to the use of GCC-
+      style "/* falls through */" comments. Both Clang and GCC allow
+      __attribute__((fallthrough)) instead, so that's what we're using
+      now. Fixes bug 34078; bugfix on 0.3.1.3-alpha.
+    - Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix
+      on 0.4.0.3-alpha.
+
+  o Minor bugfixes (configuration handling):
+    - Make control_event_conf_changed() take in a config_line_t instead
+      of a smartlist of alternating key/value entries. Fixes bug 31531;
+      bugfix on 0.2.3.3-alpha. Patch by Neel Chauhan.
+    - Check for multiplication overflow when parsing memory units inside
+      configuration. Fixes bug 30920; bugfix on 0.0.9rc1.
+    - When dumping the configuration, stop adding a trailing space after
+      the option name when there is no option value. This issue only
+      affects options that accept an empty value or list. (Most options
+      reject empty values, or delete the entire line from the dumped
+      options.) Fixes bug 32352; bugfix on 0.0.9pre6.
+    - Avoid changing the user's value of HardwareAccel as stored by
+      SAVECONF, when AccelName is set but HardwareAccel is not. Fixes
+      bug 32382; bugfix on 0.2.2.1-alpha.
+    - When creating a KeyDirectory with the same location as the
+      DataDirectory (not recommended), respect the DataDirectory's
+      group-readable setting if one has not been set for the
+      KeyDirectory. Fixes bug 27992; bugfix on 0.3.3.1-alpha.
+
+  o Minor bugfixes (continuous integration):
+    - Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix
+      on 0.3.2.2-alpha.
+
+  o Minor bugfixes (controller protocol):
+    - When receiving "ACTIVE" or "DORMANT" signals on the control port,
+      report them as SIGNAL events. Previously we would log a bug
+      warning. Fixes bug 33104; bugfix on 0.4.0.1-alpha.
+
+  o Minor bugfixes (controller):
+    - In routerstatus_has_changed(), check all the fields that are
+      output over the control port. Fixes bug 20218; bugfix
+      on 0.1.1.11-alpha.
+
+  o Minor bugfixes (developer tools):
+    - Allow paths starting with ./ in scripts/add_c_file.py. Fixes bug
+      31336; bugfix on 0.4.1.2-alpha.
+
+  o Minor bugfixes (dirauth module):
+    - Split the dirauth config code into a separate file in the dirauth
+      module. Disable this code when the dirauth module is disabled.
+      Closes ticket 32213.
+    - When the dirauth module is disabled, reject attempts to set the
+      AuthoritativeDir option, rather than ignoring the value of the
+      option. Fixes bug 32213; bugfix on 0.3.4.1-alpha.
+
+  o Minor bugfixes (embedded Tor):
+    - When starting Tor any time after the first time in a process,
+      register the thread in which it is running as the main thread.
+      Previously, we only did this on Windows, which could lead to bugs
+      like 23081 on non-Windows platforms. Fixes bug 32884; bugfix
+      on 0.3.3.1-alpha.
+
+  o Minor bugfixes (git scripts):
+    - Avoid sleeping before the last push in git-push-all.sh. Closes
+      ticket 32216.
+    - Forward all unrecognised arguments in git-push-all.sh to git push.
+      Closes ticket 32216.
+
+  o Minor bugfixes (key portability):
+    - When reading PEM-encoded key data, tolerate CRLF line-endings even
+      if we are not running on Windows. Previously, non-Windows hosts
+      would reject these line-endings in certain positions, making
+      certain key files hard to move from one host to another. Fixes bug
+      33032; bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfixes (logging):
+    - Stop truncating IPv6 addresses and ports in channel and connection
+      logs. Fixes bug 33918; bugfix on 0.2.4.4-alpha.
+    - Flush stderr, stdout, and file logs during shutdown, if supported
+      by the OS. This change helps make sure that any final logs are
+      recorded. Fixes bug 33087; bugfix on 0.4.1.6.
+    - Stop closing stderr and stdout during shutdown. Closing these file
+      descriptors can hide sanitiser logs. Fixes bug 33087; bugfix
+      on 0.4.1.6.
+    - If we encounter a bug when flushing a buffer to a TLS connection,
+      only log the bug once per invocation of the Tor process.
+      Previously we would log with every occurrence, which could cause
+      us to run out of disk space. Fixes bug 33093; bugfix
+      on 0.3.2.2-alpha.
+    - When logging a bug, do not say "Future instances of this warning
+      will be silenced" unless we are actually going to silence them.
+      Previously we would say this whenever a BUG() check failed in the
+      code. Fixes bug 33095; bugfix on 0.4.1.1-alpha.
+
+  o Minor bugfixes (onion services v2):
+    - Move a series of v2 onion service warnings to protocol-warning
+      level because they can all be triggered remotely by a malformed
+      request. Fixes bug 32706; bugfix on 0.1.1.14-alpha.
+    - When sending the INTRO cell for a v2 Onion Service, look at the
+      failure cache alongside timeout values to check if the intro point
+      is marked as failed. Previously, we only looked at the relay
+      timeout values. Fixes bug 25568; bugfix on 0.2.7.3-rc. Patch by
+      Neel Chauhan.
+
+  o Minor bugfixes (onion services v3):
+    - Remove a BUG() warning that would cause a stack trace if an onion
+      service descriptor was freed while we were waiting for a
+      rendezvous circuit to complete. Fixes bug 28992; bugfix
+      on 0.3.2.1-alpha.
+    - Relax severity of a log message that can appear naturally when
+      decoding onion service descriptors as a relay. Also add some
+      diagnostics to debug any future bugs in that area. Fixes bug
+      31669; bugfix on 0.3.0.1-alpha.
+    - Fix an assertion failure that could result from a corrupted
+      ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
+      bugfix on 0.3.3.1-alpha. This issue is also tracked
+      as TROVE-2020-003.
+    - Properly handle the client rendezvous circuit timeout. Previously
+      Tor would sometimes timeout a rendezvous circuit awaiting the
+      introduction ACK, and find itself unable to re-establish all
+      circuits because the rendezvous circuit timed out too early. Fixes
+      bug 32021; bugfix on 0.3.2.1-alpha.
+
+  o Minor bugfixes (onion services):
+    - Do not rely on a "circuit established" flag for intro circuits but
+      instead always query the HS circuit map. This is to avoid sync
+      issue with that flag and the map. Fixes bug 32094; bugfix
+      on 0.3.2.1-alpha.
+
+  o Minor bugfixes (onion services, all):
+    - In cancel_descriptor_fetches(), use
+      connection_list_by_type_purpose() instead of
+      connection_list_by_type_state(). Fixes bug 32639; bugfix on
+      0.3.2.1-alpha. Patch by Neel Chauhan.
+
+  o Minor bugfixes (pluggable transports):
+    - When receiving a message on standard error from a pluggable
+      transport, log it at info level, rather than as a warning. Fixes
+      bug 33005; bugfix on 0.4.0.1-alpha.
+
+  o Minor bugfixes (rust, build):
+    - Fix a syntax warning given by newer versions of Rust that was
+      creating problems for our continuous integration. Fixes bug 33212;
+      bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfixes (scripts):
+    - Fix update_versions.py for out-of-tree builds. Fixes bug 32371;
+      bugfix on 0.4.0.1-alpha.
+
+  o Minor bugfixes (testing):
+    - Use the same code to find the tor binary in all of our test
+      scripts. This change makes sure we are always using the coverage
+      binary when coverage is enabled. Fixes bug 32368; bugfix
+      on 0.2.7.3-rc.
+    - Stop ignoring "tor --dump-config" errors in test_parseconf.sh.
+      Fixes bug 32468; bugfix on 0.4.2.1-alpha.
+    - Our option-validation tests no longer depend on specially
+      configured non-default, non-passing sets of options. Previously,
+      the tests had been written to assume that options would _not_ be
+      set to their defaults, which led to needless complexity and
+      verbosity. Fixes bug 32175; bugfix on 0.2.8.1-alpha.
+
+  o Minor bugfixes (TLS bug handling):
+    - When encountering a bug in buf_read_from_tls(), return a "MISC"
+      error code rather than "WANTWRITE". This change might help avoid
+      some CPU-wasting loops if the bug is ever triggered. Bug reported
+      by opara. Fixes bug 32673; bugfix on 0.3.0.4-alpha.
+
+  o Deprecated features:
+    - Deprecate the ClientAutoIPv6ORPort option. This option was not
+      true "Happy Eyeballs", and often failed on connections that
+      weren't reliably dual-stack. Closes ticket 32942. Patch by
+      Neel Chauhan.
+
+  o Documentation:
+    - Provide a quickstart guide for a Circuit Padding Framework, and
+      documentation for researchers to implement and study circuit
+      padding machines. Closes ticket 28804.
+    - Add documentation in 'HelpfulTools.md' to describe how to build a
+      tag file. Closes ticket 32779.
+    - Create a high-level description of the long-term software
+      architecture goals. Closes ticket 32206.
+    - Describe the --dump-config command in the manual page. Closes
+      ticket 32467.
+    - Unite coding advice from this_not_that.md in torguts repo into our
+      coding standards document. Resolves ticket 31853.
+
+  o Removed features:
+    - Our Doxygen configuration no longer generates LaTeX output. The
+      reference manual produced by doing this was over 4000 pages long,
+      and generally unusable. Closes ticket 32099.
+    - The option "TestingEstimatedDescriptorPropagationTime" is now
+      marked as obsolete. It has had no effect since 0.3.0.7, when
+      clients stopped rejecting consensuses "from the future". Closes
+      ticket 32807.
+    - We no longer support consensus methods before method 28; these
+      methods were only used by authorities running versions of Tor that
+      are now at end-of-life. In effect, this means that clients,
+      relays, and authorities now assume that authorities will be
+      running version 0.3.5.x or later. Closes ticket 32695.
+
+  o Testing:
+    - Avoid conflicts between the fake sockets in tor's unit tests, and
+      real file descriptors. Resolves issues running unit tests with
+      GitHub Actions, where the process that embeds or launches the
+      tests has already opened a large number of file descriptors. Fixes
+      bug 33782; bugfix on 0.2.8.1-alpha. Found and fixed by
+      Putta Khunchalee.
+    - Add more test cases for tor's UTF-8 validation function. Also,
+      check the arguments passed to the function for consistency. Closes
+      ticket 32845.
+    - Improve test coverage for relay and dirauth config code, focusing
+      on option validation and normalization. Closes ticket 32213.
+    - Improve the consistency of test_parseconf.sh output, and run all
+      the tests, even if one fails. Closes ticket 32213.
+    - Run the practracker unit tests in the pre-commit git hook. Closes
+      ticket 32609.
+
+  o Code simplification and refactoring (channel):
+    - Channel layer had a variable length cell handler that was not used
+      and thus removed. Closes ticket 32892.
+
+  o Code simplification and refactoring (configuration):
+    - Immutability is now implemented as a flag on individual
+      configuration options rather than as part of the option-transition
+      checking code. Closes ticket 32344.
+    - Instead of keeping a list of configuration options to check for
+      relative paths, check all the options whose type is "FILENAME".
+      Solves part of ticket 32339.
+    - Our default log (which ordinarily sends NOTICE-level messages to
+      standard output) is now handled in a more logical manner.
+      Previously, we replaced the configured log options if they were
+      empty. Now, we interpret an empty set of log options as meaning
+      "use the default log". Closes ticket 31999.
+    - Remove some unused arguments from the options_validate() function,
+      to simplify our code and tests. Closes ticket 32187.
+    - Simplify the options_validate() code so that it looks at the
+      default options directly, rather than taking default options as an
+      argument. This change lets us simplify its interface. Closes
+      ticket 32185.
+    - Use our new configuration architecture to move most authority-
+      related options to the directory authority module. Closes
+      ticket 32806.
+    - When parsing the command line, handle options that determine our
+      "quiet level" and our mode of operation (e.g., --dump-config and
+      so on) all in one table. Closes ticket 32003.
+
+  o Code simplification and refactoring (controller):
+    - Create a new abstraction for formatting control protocol reply
+      lines based on key-value pairs. Refactor some existing control
+      protocol code to take advantage of this. Closes ticket 30984.
+    - Create a helper function that can fetch network status or
+      microdesc consensuses. Closes ticket 31684.
+
+  o Code simplification and refactoring (dirauth modularization):
+    - Remove the last remaining HAVE_MODULE_DIRAUTH inside a function.
+      Closes ticket 32163.
+    - Replace some confusing identifiers in process_descs.c. Closes
+      ticket 29826.
+    - Simplify some relay and dirauth config code. Closes ticket 32213.
+
+  o Code simplification and refactoring (mainloop):
+    - Simplify the ip_address_changed() function by removing redundant
+      checks. Closes ticket 33091.
+
+  o Code simplification and refactoring (misc):
+    - Make all the structs we declare follow the same naming convention
+      of ending with "_t". Closes ticket 32415.
+    - Move and rename some configuration-related code for clarity.
+      Closes ticket 32304.
+    - Our include.am files are now broken up by subdirectory.
+      Previously, src/core/include.am covered all of the subdirectories
+      in "core", "feature", and "app". Closes ticket 32137.
+    - Remove underused NS*() macros from test code: they make our tests
+      more confusing, especially for code-formatting tools. Closes
+      ticket 32887.
+
+  o Code simplification and refactoring (relay modularization):
+    - Disable relay_periodic when the relay module is disabled. Closes
+      ticket 32244.
+    - Disable relay_sys when the relay module is disabled. Closes
+      ticket 32245.
+
+  o Code simplification and refactoring (tool support):
+    - Add numerous missing dependencies to our include files, so that
+      they can be included in different reasonable orders and still
+      compile. Addresses part of ticket 32764.
+    - Fix some parts of our code that were difficult for Coccinelle to
+      parse. Related to ticket 31705.
+    - Fix some small issues in our code that prevented automatic
+      formatting tools from working. Addresses part of ticket 32764.
+
+  o Documentation (manpage):
+    - Alphabetize the Server and Directory server sections of the tor
+      manpage. Also split Statistics options into their own section of
+      the manpage. Closes ticket 33188. Work by Swati Thacker as part of
+      Google Season of Docs.
+    - Document the __OwningControllerProcess torrc option and specify
+      its polling interval. Resolves issue 32971.
+    - Split "Circuit Timeout" options and "Node Selection" options into
+      their own sections of the tor manpage. Closes tickets 32928 and
+      32929. Work by Swati Thacker as part of Google Season of Docs.
+    - Alphabetize the Client Options section of the tor manpage. Closes
+      ticket 32846.
+    - Alphabetize the General Options section of the tor manpage. Closes
+      ticket 32708.
+    - In the tor(1) manpage, reword and improve formatting of the
+      COMMAND-LINE OPTIONS and DESCRIPTION sections. Closes ticket
+      32277. Based on work by Swati Thacker as part of Google Season
+      of Docs.
+    - In the tor(1) manpage, reword and improve formatting of the FILES,
+      SEE ALSO, and BUGS sections. Closes ticket 32176. Based on work by
+      Swati Thacker as part of Google Season of Docs.
+
+  o Testing (Appveyor CI):
+    - In our Appveyor Windows CI, copy required DLLs to test and app
+      directories, before running tor's tests. This ensures that tor.exe
+      and test*.exe use the correct version of each DLL. This fix is not
+      required, but we hope it will avoid DLL search issues in future.
+      Fixes bug 33673; bugfix on 0.3.4.2-alpha.
+    - On Appveyor, skip the crypto/openssl_version test, which is
+      failing because of a mismatched library installation. Fix
+      for 33643.
+
+  o Testing (circuit, EWMA):
+    - Add unit tests for circuitmux and EWMA subsystems. Closes
+      ticket 32196.
+
+  o Testing (Travis CI):
+    - Remove a redundant distcheck job. Closes ticket 33194.
+    - Sort the Travis jobs in order of speed: putting the slowest jobs
+      first takes full advantage of Travis job concurrency. Closes
+      ticket 33194.
+    - Stop allowing the Chutney IPv6 Travis job to fail. This job was
+      previously configured to fast_finish (which requires
+      allow_failure), to speed up the build. Closes ticket 33195.
+    - When a Travis chutney job fails, use chutney's new "diagnostics.sh"
+      tool to produce detailed diagnostic output. Closes ticket 32792.
+
+
 Changes in version 0.4.2.7 - 2020-03-18
   This is the third stable release in the 0.4.2.x series. It backports
   numerous fixes from later releases, including a fix for TROVE-2020-



More information about the tor-commits mailing list