commit 8b46d1c6ca20b8c99b979569c7432a97d8fc20a1 parent 5e2f6d543354cede26e302ceaebeed0ea39eb9c6 Author: Tor CI Release <no-email@torproject.org> Date: Thu, 1 Jun 2023 13:36:17 +0000 release: ChangeLog for 0.4.8.1-alpha Diffstat:
84 files changed, 171 insertions(+), 374 deletions(-)
diff --git a/ChangeLog b/ChangeLog @@ -1,3 +1,174 @@ +Changes in version 0.4.8.1-alpha - 2023-06-01 + This is the first alpha of the 0.4.8.x series. Two major features in this + version which are Conflux and onion service Proof-of-Work (PoW). There are + also many small features in particular, worth noting, the MetricsPort is now + exporting more relay and onion service metrics. Finally, there are + also numerous minor bugfixes included in this version. + + o Major features (onion service, proof-of-work): + - Implement proposal 327 (Proof-Of-Work). This is aimed at thwarting + introduction flooding DoS attacks by introducing a dynamic Proof-Of-Work + protocol that occurs over introduction circuits. This introduces several + torrc options prefixed with "HiddenServicePoW" in order to control this + feature. By default, this is disabled. Closes ticket 40634. + + o Major features (conflux): + - Implement Proposal 329 (conflux traffic splitting). Conflux splits + traffic across two circuits to Exits that support the protocol. + These circuits are pre-built only, which means that if the pre- + built conflux pool runs out, regular circuits will then be used. + When using conflux circuit pairs, clients choose the lower-latency + circuit to send data to the Exit. When the Exit sends data to the + client, it maximizes throughput, by fully utilizing both circuits + in a multiplexed fashion. Alternatively, clients can request that + the Exit optimize for latency when transmitting to them, by + setting the torrc option 'ConfluxClientUX latency'. Onion services + are not currently supported, but will be in arti. Many other + future optimizations will also be possible using this protocol. + Closes ticket 40593. + + o Major features (dirauth): + - Directory authorities and relays now interact properly with + directory authorities if they change addresses. In the past, they + would continue to upload votes, signatures, descriptors, etc to + the hard-coded address in the configuration. Now, if the directory + authority is listed in the consensus at a different address, they + will direct queries to this new address. Implements ticket 40705. + + o Minor feature (CI): + - Update CI to use Debian Bullseye for runners. + + o Minor feature (client, IPv6): + - Make client able to pick IPv6 relays by default now meaning + ClientUseIPv6 option now defaults to 1. Closes ticket 40785. + + o Minor feature (compilation): + - Fix returning something other than "Unknown N/A" as libc version + if we build tor on an O.S. like DragonFlyBSD, FreeBSD, OpenBSD + or NetBSD. + + o Minor feature (cpuworker): + - Always use the number of threads for our CPU worker pool to the + number of core available but cap it to a minimum of 2 in case of a + single core. Fixes bug 40713; bugfix on 0.3.5.1-alpha. + + o Minor feature (lzma): + - Fix compiler warnings for liblzma >= 5.3.1. Closes ticket 40741. + + o Minor feature (MetricsPort, relay): + - Expose time until online keys expires on the MetricsPort. Closes + ticket 40546. + + o Minor feature (MetricsPort, relay, onion service): + - Add metrics for the relay side onion service interactions counting + seen cells. Closes ticket 40797. Patch by "friendly73". + + o Minor features (directory authorities): + - Directory authorities now include their AuthDirMaxServersPerAddr + config option in the consensus parameter section of their vote. + Now external tools can better predict how they will behave. + Implements ticket 40753. + + o Minor features (directory authority): + - Add a new consensus method in which the "published" times on + router entries in a microdesc consensus are all set to a + meaningless fixed date. Doing this will make the download size for + compressed microdesc consensus diffs much smaller. Part of ticket + 40130; implements proposal 275. + + o Minor features (network documents): + - Clients and relays no longer track the "published on" time + declared for relays in any consensus documents. When reporting + this time on the control port, they instead report a fixed date in + the future. Part of ticket 40130. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on June 01, 2023. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2023/06/01. + + o Minor features (hs, metrics): + - Add tor_hs_rend_circ_build_time and tor_hs_intro_circ_build_time + histograms to measure hidden service rend/intro circuit build time + durations. Part of ticket 40757. + + o Minor features (metrics): + - Add a `reason` label to the HS error metrics. Closes ticket 40758. + - Add service side metrics for REND and introduction request + failures. Closes ticket 40755. + - Add support for histograms. Part of ticket 40757. + + o Minor features (pluggable transports): + - Automatically restart managed Pluggable Transport processes when + their process terminate. Resolves ticket 33669. + + o Minor features (portability, compilation): + - Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5 + compatibility. Fixes issue 40630; patch by Alex Xu (Hello71). + + o Minor features (relay): + - Do not warn about configuration options that may expose a non- + anonymous onion service. Closes ticket 40691. + + o Minor features (relays): + - Trigger OOS when bind fails with EADDRINUSE. This improves + fairness when a large number of exit connections are requested, + and properly signals exhaustion to the network. Fixes issue 40597; + patch by Alex Xu (Hello71). + + o Minor features (tests): + - Avoid needless key reinitialization with OpenSSL during unit + tests, saving significant time. Patch from Alex Xu. + + o Minor bugfix (relay, logging): + - The wrong max queue cell size was used in a protocol warning + logging statement. Fixes bug 40745; bugfix on 0.4.7.1-alpha. + + o Minor bugfixes (logging): + - Avoid ""double-quoting"" strings in several log messages. Fixes + bug 22723; bugfix on 0.1.2.2-alpha. + - Correct a log message when cleaning microdescriptors. Fixes bug + 40619; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (metrics): + - Decrement hs_intro_established_count on introduction circuit + close. Fixes bug 40751; bugfix on 0.4.7.12. + + o Minor bugfixes (pluggable transports, windows): + - Remove a warning `BUG()` that could occur when attempting to + execute a non-existing pluggable transport on Windows. Fixes bug + 40596; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (relay): + - Remove a "BUG" warning for an acceptable race between a circuit + close and considering that circuit active. Fixes bug 40647; bugfix + on 0.3.5.1-alpha. + - Remove a harmless "Bug" log message that can happen in + relay_addr_learn_from_dirauth() on relays during startup. Finishes + fixing bug 40231. Fixes bug 40523; bugfix on 0.4.5.4-rc. + + o Minor bugfixes (sandbox): + - Allow membarrier for the sandbox. And allow rt_sigprocmask when + compiled with LTTng. Fixes bug 40799; bugfix on 0.3.5.1-alpha. + - Fix sandbox support on AArch64 systems. More "*at" variants of + syscalls are now supported. Signed 32 bit syscall parameters are + checked more precisely, which should lead to lower likelihood of + breakages with future compiler and libc releases. Fixes bug 40599; + bugfix on 0.4.4.3-alpha. + + o Minor bugfixes (state file): + - Avoid a segfault if the state file doesn't contains TotalBuildTimes + along CircuitBuildAbandonedCount being above 0. Fixes bug 40437; + bugfix on 0.3.5.1-alpha. + + o Removed features: + - Remove the RendPostPeriod option. This was primarily used in + Version 2 Onion Services and after its deprecation isn't needed + anymore. Closes ticket 40431. Patch by Neel Chauhan. + + Changes in version 0.4.7.13 - 2023-01-12 This version contains three major bugfixes, two for relays and one for client being a security fix, TROVE-2022-002. We have added, for Linux, the diff --git a/changes/aarch64_sandbox b/changes/aarch64_sandbox @@ -1,5 +0,0 @@ - o Minor bugfixes (sandbox): - - Fix sandbox support on AArch64 systems. More "*at" variants of syscalls - are now supported. Signed 32 bit syscall parameters are checked more - precisely, which should lead to lower likelihood of breakages with future - compiler and libc releases. Fixes bug 40599; bugfix on 0.4.4.3-alpha. diff --git a/changes/bsd_libc b/changes/bsd_libc @@ -1,3 +0,0 @@ - o Minor feature (compilation): - - Fix returning something other than "Unknown N/A" as libc version if we - build tor on an O.S. like DragonFlyBSD, FreeBSD, OpenBSD or NetBSD. diff --git a/changes/bug40431 b/changes/bug40431 @@ -1,4 +0,0 @@ - o Removed features: - - Remove the RendPostPeriod option. This was primarily used in Version 2 - Onion Services and after its deprecation isn't needed anymore. Closes - ticket 40431. Patch by Neel Chauhan. diff --git a/changes/bug40523 b/changes/bug40523 @@ -1,4 +0,0 @@ - o Minor bugfixes (relay): - - Remove a harmless "Bug" log message that can happen in - relay_addr_learn_from_dirauth() on relays during startup. Finishes - fixing bug 40231. Fixes bug 40523; bugfix on 0.4.5.4-rc. diff --git a/changes/bug40563 b/changes/bug40563 @@ -1,8 +0,0 @@ - o Major bugfixes (relay): - - When opening a channel because of a circuit request that did not - include an Ed25519 identity, record the Ed25519 identity that we - actually received, so that we can use the channel for other circuit - requests that _do_ list an Ed25519 identity. - (Previously we had code to record this identity, but a logic bug - caused it to be disabled.) Fixes bug 40563; bugfix on 0.3.0.1-alpha. - Patch from "cypherpunks". diff --git a/changes/bug40603 b/changes/bug40603 @@ -1,5 +0,0 @@ - o Minor bugfixes (logging): - - Demote a harmless warn log message about finding a second hop to from - warn level to info level, if we do not have enough descriptors yet. - Leave it at notice level for other cases. Fixes bug 40603; - bugfix on 0.4.7.1-alpha. diff --git a/changes/bug40612 b/changes/bug40612 @@ -1,5 +0,0 @@ - o Minor bugfixes (logging): - - Demote a notice log message about "Unexpected path length" to info - level. These cases seem to happen arbitrarily, and we likely will - never find all of them before the switch to arti. Fixes bug 40612; - bugfix on 0.4.7.5-alpha. diff --git a/changes/bug40619 b/changes/bug40619 @@ -1,3 +0,0 @@ - o Minor bugfixes (logging): - - Correct a log message when cleaning microdescriptors. - Fixes bug 40619; bugfix on 0.2.5.4-alpha. diff --git a/changes/bug40620 b/changes/bug40620 @@ -1,3 +0,0 @@ - o Minor bugfixes (relay, logging): - - Demote a harmless XOFF log message to from notice level to info level. - Fixes bug 40620; bugfix on 0.4.7.5-alpha. diff --git a/changes/bug40626 b/changes/bug40626 @@ -1,6 +0,0 @@ - o Major bugfixes (congestion control, TROVE-2022-001): - - Fix a scenario where RTT estimation can become wedged, seriously - degrading congestion control performance on all circuits. This impacts - clients, onion services, and relays, and can be triggered remotely by a - malicious endpoint. Tracked as CVE-2022-33903. Fixes bug 40626; bugfix - on 0.4.7.5-alpha. diff --git a/changes/bug40639 b/changes/bug40639 @@ -1,5 +0,0 @@ - o Major bugfixes (vanguards): - - We had omitted some checks for whether our vanguards (second layer - guards from proposal 333) overlapped. Now make sure to pick each - of them to be independent. Also, change the design to allow them to - come from the same family. Fixes bug 40639; bugfix on 0.4.7.1-alpha. diff --git a/changes/bug40642 b/changes/bug40642 @@ -1,9 +0,0 @@ - o Major bugfixes (congestion control): - - Implement RFC3742 Limited Slow Start. Congestion control was - overshooting the congestion window during slow start, particularly for - onion service activity. With this fix, we now update the congestion - window more often during slow start, as well as dampen the exponential - growth when the congestion window grows above a capping parameter. - This should reduce the memory increases guard relays were seeing, as - well as allow us to set lower queue limits to defend against - ongoing DoS attacks. Fixes bug 40642; bugfix on 0.4.7.5-alpha. diff --git a/changes/bug40644 b/changes/bug40644 @@ -1,8 +0,0 @@ - o Minor bugfixes (congestion control): - - Add a check for an integer underflow condition that might - happen in cases where the system clock is stopped, the - ORconn is blocked, and the endpoint sends more than a - congestion window worth of non-data control cells at once. - This would cause a large congestion window to be calculated - instead of a small one. No security impact. Fixes bug 40644; - bugfix on 0.4.7.5-alpha. diff --git a/changes/bug40645 b/changes/bug40645 @@ -1,5 +0,0 @@ - o Minor bugfixes (defense in depth): - - Change a test in the netflow padding code to make it more - _obviously_ safe against remotely triggered crashes. - (It was safe against these before, but not obviously so.) - Fixes bug 40645; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug40673 b/changes/bug40673 @@ -1,7 +0,0 @@ - o Minor bugfixes (relay overload statistics): - - Count total create cells vs dropped create cells properly, when - assessing if our fraction of dropped cells is too high. We only - count non-client circuits in the denominator, but we would include - client circuits in the numerator, leading to surprising log lines - claiming that we had dropped more than 100% of incoming create - cells. Fixes bug 40673; bugfix on 0.4.7.1-alpha. diff --git a/changes/bug40684 b/changes/bug40684 @@ -1,6 +0,0 @@ - o Major bugfixes (OSX): - - Fix coarse-time computation on Apple platforms (like Mac M1) where - the Mach absolute time ticks do not correspond directly to - nanoseconds. Previously, we computed our shift value wrong, which - led us to give incorrect timing results. - Fixes bug 40684; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug40698 b/changes/bug40698 @@ -1,11 +0,0 @@ - o Minor bugfixes (dirauth): - - Directory authorities stop voting a consensus "Measured" weight - for relays with the Authority flag. Now these relays will be - considered unmeasured, which should reserve their bandwidth - for their dir auth role and minimize distractions from other - roles. In place of the "Measured" weight, they now include a - "MeasuredButAuthority" weight (not used by anything) so the - bandwidth authority's opinion on this relay can be recorded for - posterity. Lastly, remove the AuthDirDontVoteOnDirAuthBandwidth - torrc option which never worked right. Fixes bugs 40698 and 40700; - bugfix on 0.4.7.2-alpha. diff --git a/changes/bug40732 b/changes/bug40732 @@ -1,7 +0,0 @@ - o Major bugfixes (congestion control): - - Avoid incrementing the congestion window when the window is not - fully in use. Thia prevents overshoot in cases where long periods - of low activity would allow our congestion window to grow, and - then get followed by a burst, which would cause queue overload. - Also improve the increment checks for RFC3742. Fixes bug 40732; - bugfix on 0.4.7.5-alpha. diff --git a/changes/bug40751 b/changes/bug40751 @@ -1,3 +0,0 @@ - o Minor bugfixes (metrics): - - Decrement hs_intro_established_count on introduction circuit close. Fixes - bug 40751; bugfix on 0.4.7.12. diff --git a/changes/fallbackdirs-2022-08-11 b/changes/fallbackdirs-2022-08-11 @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on August 11, 2022. diff --git a/changes/fallbackdirs-2022-11-10 b/changes/fallbackdirs-2022-11-10 @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on November 10, 2022. diff --git a/changes/fallbackdirs-2022-12-06 b/changes/fallbackdirs-2022-12-06 @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on December 06, 2022. diff --git a/changes/fallbackdirs-2023-01-12 b/changes/fallbackdirs-2023-01-12 @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on January 12, 2023. diff --git a/changes/fallbackdirs-2023-06-01 b/changes/fallbackdirs-2023-06-01 @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on June 01, 2023. diff --git a/changes/faster_tests b/changes/faster_tests @@ -1,3 +0,0 @@ - o Minor features (tests): - - Avoid needless key reinitialization with OpenSSL during unit tests, - saving significant time. Patch from Alex Xu. diff --git a/changes/geoip-2022-08-11 b/changes/geoip-2022-08-11 @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2022/08/11. diff --git a/changes/geoip-2022-08-12 b/changes/geoip-2022-08-12 @@ -1,5 +0,0 @@ - o Major bugfixes (geoip data): - - IPFire informed us on August 12th that databases generated after - (including) August 10th did not have proper ARIN network allocations. We - are updating the database to use the one generated on August 9th, 2022. - Fixes bug 40658; bugfix on 0.4.5.13. diff --git a/changes/geoip-2022-11-10 b/changes/geoip-2022-11-10 @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2022/11/10. diff --git a/changes/geoip-2022-12-06 b/changes/geoip-2022-12-06 @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2022/12/06. diff --git a/changes/geoip-2023-01-12 b/changes/geoip-2023-01-12 @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2023/01/12. diff --git a/changes/geoip-2023-06-01 b/changes/geoip-2023-06-01 @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2023/06/01. diff --git a/changes/ip_bind_address_no_port b/changes/ip_bind_address_no_port @@ -1,5 +0,0 @@ - o Minor features (relays): - - Set the Linux-specific IP_BIND_ADDRESS_NO_PORT option on outgoing - sockets, allowing relays using OutboundBindAddress to make more outgoing - connections than ephemeral ports, as long as they are to separate - destinations. Related to issue 40597; patch by Alex Xu (Hello71). diff --git a/changes/issue40597 b/changes/issue40597 @@ -1,4 +0,0 @@ - o Minor features (relays): - - Trigger OOS when bind fails with EADDRINUSE. This improves fairness when - a large number of exit connections are requested, and properly signals - exhaustion to the network. Fixes issue 40597; patch by Alex Xu (Hello71). diff --git a/changes/issue40613 b/changes/issue40613 @@ -1,3 +0,0 @@ - o Code simplifications and refactoring: - - Rely on actual error returned by the kernel when choosing what resource - exhaustion to log. Fixes issue 40613; Fix on tor-0.4.6.1-alpha. diff --git a/changes/issue40630 b/changes/issue40630 @@ -1,3 +0,0 @@ - o Minor features (portability, compilation): - - Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5 compatibility. - Fixes issue 40630; patch by Alex Xu (Hello71). diff --git a/changes/log-quotes b/changes/log-quotes @@ -1,3 +0,0 @@ - o Minor bugfixes (logging): - - Avoid ""double-quoting"" strings in several log messages. - Fixes bug 22723; bugfix on 0.1.2.2-alpha. diff --git a/changes/prop275 b/changes/prop275 @@ -1,12 +0,0 @@ - o Minor features (directory authority): - - Add a new consensus method in which the "published" times on router - entries in a microdesc consensus are all set to a meaningless fixed - date. Doing this will make the download size for compressed microdesc - consensus diffs much smaller. - Part of ticket 40130; implements proposal 275. - - o Minor features (network documents): - - Clients and relays no longer track the "published on" time declared - for relays in any consensus documents. When reporting this time on - the control port, they instead report a fixed date in the future. - Part of ticket 40130. diff --git a/changes/ticket33669 b/changes/ticket33669 @@ -1,3 +0,0 @@ - o Minor features (pluggable transports): - - Automatically restart managed Pluggable Transport processes when their - process terminate. Resolves ticket 33669. diff --git a/changes/ticket40194 b/changes/ticket40194 @@ -1,9 +0,0 @@ - o Minor feature (relay, metrics): - - Add counters to the MetricsPort how many connections, per type, are - currently opened and how many were created. Part of ticket 40194. - - Add total number of streams seen by an Exit to the MetricsPort. - - Add congestion control RTT reset counter to MetricsPort. - - Add DoS defenses counter to MetricsPort. - - Add relay flags from the consensus to the MetricsPort. - - Add total number of opened circuits to MetricsPort. - - Add traffic stats as in number of read/written bytes in total. diff --git a/changes/ticket40437 b/changes/ticket40437 @@ -1,4 +0,0 @@ - o Minor bugfixes (state file): - - Avoid a segfault if the state file doesn't contains TotalBuildTimes along - CircuitBuildAbandonedCount being above 0. Fixes bug 40437; bugfix on - 0.3.5.1-alpha. diff --git a/changes/ticket40546 b/changes/ticket40546 @@ -1,3 +0,0 @@ - o Minor feature (MetricsPort, relay): - - Expose time until online keys expires on the MetricsPort. Closes ticket - 40546. diff --git a/changes/ticket40593 b/changes/ticket40593 @@ -1,16 +0,0 @@ - o Major features (conflux): - - Implement Proposal 329 (conflux traffic splitting). Conflux splits - traffic across two circuits to Exits that support the protocol. - These circuits are pre-built only, which means that if the pre-built - conflux pool runs out, regular circuits will then be used. - - When using conflux circuit pairs, clients choose the lower-latency - circuit to send data to the Exit. When the Exit sends data to the - client, it maximizes throughput, by fully utilizing both circuits in a - multiplexed fashion. Alternatively, clients can request that the Exit - optimize for latency when transmitting to them, by setting the torrc - option 'ConfluxClientUX latency'. - - Onion services are not currently supported, but will be in arti. Many - other future optimizations will also be possible using this protocol. - Closes ticket 40593. diff --git a/changes/ticket40596 b/changes/ticket40596 @@ -1,4 +0,0 @@ - o Minor bugfixes (pluggable transports, windows): - - Remove a warning `BUG()` that could occur when attempting to execute a - non-existing pluggable transport on Windows. Fixes bug 40596; bugfix on - 0.4.0.1-alpha. diff --git a/changes/ticket40601 b/changes/ticket40601 @@ -1,4 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox): - - Allow the rseq system call in the sandbox. This solves a crash issue with - glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug 40601; bugfix on - 0.3.5.11. diff --git a/changes/ticket40604 b/changes/ticket40604 @@ -1,5 +0,0 @@ - o Major bugfixes (relay): - - Remove OR connections btrack subsystem entries when the connections - closes normally. Before this, we would only close it on error and thus - leaking memory for each normal OR connections. Fixes bug 40604; bugfix - on 0.4.0.1-alpha. diff --git a/changes/ticket40623 b/changes/ticket40623 @@ -1,4 +0,0 @@ - o Major bugfixes (relay): - - Stop sending TRUNCATED cell and instead close the circuits which sends a - DESTROY cell so every relay in the circuit path can stop queuing cells. - Fixes bug 40623; bugfix on 0.1.0.2-rc. diff --git a/changes/ticket40634 b/changes/ticket40634 @@ -1,3 +0,0 @@ - o Major features (onion services): - - Proof-of-work client puzzles for DoS mitigation, from proposal 327. - Closes ticket 40634. -\ No newline at end of file diff --git a/changes/ticket40647 b/changes/ticket40647 @@ -1,4 +0,0 @@ - o Minor bugfixes (relay): - - Remove a "BUG" warning for an acceptable race between a circuit close - and considering that circuit active. Fixes bug 40647; bugfix on - 0.3.5.1-alpha. diff --git a/changes/ticket40648 b/changes/ticket40648 @@ -1,3 +0,0 @@ - o Code simplification and refactoring (bridges): - - Remove unused code related to ExtPort connection ID. Fixes bug 40648; - bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40649 b/changes/ticket40649 @@ -1,4 +0,0 @@ - o Minor bugfixes (relay): - - Do not propagate either forward or backward a DESTROY remote reason when - closing a circuit so to avoid a possible side channel. Fixes bug 40649; - bugfix on 0.1.2.4-alpha. diff --git a/changes/ticket40652 b/changes/ticket40652 @@ -1,10 +0,0 @@ - o Minor features (dirauth): - - Add an AuthDirVoteGuard torrc option that can allow authorities to - assign the Guard flag to the given fingerprints/country code/IPs. This - is a needed feature mostly for defense purposes in case a DoS hits the - network and relay start losing the Guard flags too fast. - - Make UPTIME_TO_GUARANTEE_STABLE, MTBF_TO_GUARANTEE_STABLE, - TIME_KNOWN_TO_GUARANTEE_FAMILIAR WFU_TO_GUARANTEE_GUARD tunable from - torrc. - - Add a torrc option to control the Guard flag bandwidth threshold - percentile. Closes ticket 40652. diff --git a/changes/ticket40663 b/changes/ticket40663 @@ -1,3 +0,0 @@ - o Minor bugfixes (authorities, sandbox): - - Allow to write file my-consensus-<flavor-name> to disk when sandbox is - activated. Fixes bug 40663; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40664 b/changes/ticket40664 @@ -1,3 +0,0 @@ - o Minor feature (authority): - - Reject 0.4.6.x series at the authority level. Closes ticket 40664. - diff --git a/changes/ticket40674 b/changes/ticket40674 @@ -1,3 +0,0 @@ - o Major bugfixes (relay): - - Improve security of our DNS cache by randomly clipping the TTL value. - TROVE-2021-009. Fixes bug 40674; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40680 b/changes/ticket40680 @@ -1,6 +0,0 @@ - o Minor feature (relay, DoS): - - Apply circuit creation anti-DoS defenses if the outbound circuit max cell - queue size is reached too many times. This introduces two new consensus - parameters to control the queue size limit and number of times allowed to - go over that limit. Close ticket 40680. - diff --git a/changes/ticket40683 b/changes/ticket40683 @@ -1,6 +0,0 @@ - o Minor feature (Mac and iOS build): - - Change how combine_libs works on Darwin like platforms to - make sure we don't include any `__.SYMDEF` and `__.SYMDEF SORTED` - symbols on the archive before we repack and run ${RANLIB} on the - archive. This fixes a build issue with recent Xcode versions on - Mac Silicon and iOS. Closes ticket 40683. diff --git a/changes/ticket40687 b/changes/ticket40687 @@ -1,2 +0,0 @@ - o Directory authority changes (dizum): - - Change dizum IP address. Closes ticket 40687. diff --git a/changes/ticket40688 b/changes/ticket40688 @@ -1,3 +0,0 @@ - o Directory authority changes (Faravahar): - - Remove Faravahar until its operator, Sina, set it back up online outside - of Team Cymru network. Closes ticket 40688. diff --git a/changes/ticket40691 b/changes/ticket40691 @@ -1,3 +0,0 @@ - o Minor features (relay): - - Do not warn about configuration options that may expose a non-anonymous - onion service. Closes ticket 40691. diff --git a/changes/ticket40692 b/changes/ticket40692 @@ -1,3 +0,0 @@ - o Minor bugfixes (onion service client): - - A collapsing onion service circuit should be seen as an "unreachable" - error so it can be retried. Fixes bug 40692; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40694 b/changes/ticket40694 @@ -1,5 +0,0 @@ - o Major bugfixes (onion service): - - Set a much higher circuit build timeout for opened client rendezvous - circuit. Before this, tor would time them out very quickly leading to many - unnecessary retries and thus more load on the network. Fixes bug 40694; - bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40696 b/changes/ticket40696 @@ -1,3 +0,0 @@ - o Minor bugfixes (onion service): - - Make the service retry a rendezvous if the circuit is being repurposed for - measurements. Fixes bug 40696; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40703 b/changes/ticket40703 @@ -1,4 +0,0 @@ - o Minor feature (performance): - - Bump the maximum amount of CPU to use from 16 to 128. Note that NumCPUs - torrc option overrides this hardcoded maximum. Fixes bug 40703; bugfix on - 0.3.5.1-alpha. diff --git a/changes/ticket40704 b/changes/ticket40704 @@ -1,6 +0,0 @@ - o Minor feature (relay): - - Two new consensus parameters are added to control the wait time in queue - of the onionskins. One of them is the torrc MaxOnionQueueDelay options - which supersedes the consensus parameter. Closes ticket 40704. - - Change a hardcoded value for the maximum of per CPU tasks into a - consensus parameter. diff --git a/changes/ticket40705 b/changes/ticket40705 @@ -1,7 +0,0 @@ - o Major features (dirauth): - - Directory authorities and relays now interact properly with - directory authorities if they change addresses. In the past, they - would continue to upload votes, signatures, descriptors, etc to - the hard-coded address in the configuration. Now, if the directory - authority is listed in the consensus at a different address, they - will direct queries to this new address. Implements ticket 40705. diff --git a/changes/ticket40708 b/changes/ticket40708 @@ -1,3 +0,0 @@ - o Minor feature (metrics): - - Add various congestion control counters to the MetricsPort. Closes ticket - 40708. diff --git a/changes/ticket40713 b/changes/ticket40713 @@ -1,4 +0,0 @@ - o Minor feature (cpuworker): - - Always use the number of threads for our CPU worker pool to the number of - core available but cap it to a minimum of 2 in case of a single core. - Fixes bug 40713; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40719 b/changes/ticket40719 @@ -1,3 +0,0 @@ - o Minor bugfixes (cpuworker, relay): - - Fix an off by one overload calculation on the number of CPUs being used by - our thread pool. Fixes bug 40719; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40722 b/changes/ticket40722 @@ -1,5 +0,0 @@ - o Directory authority changes (moria1): - - Rotate the relay identity key and v3 identity key for moria1. They - have been online for more than a decade and refreshing keys - periodically is good practice. Advertise new ports too, to avoid - confusion. Closes ticket 40722. diff --git a/changes/ticket40724 b/changes/ticket40724 @@ -1,3 +0,0 @@ - o Minor feature (Congestion control metrics): - - Add additional metricsport relay metrics for congestion control. - Closes ticket 40724. diff --git a/changes/ticket40727 b/changes/ticket40727 @@ -1,3 +0,0 @@ - o Minor bugfixes (relay, metrics): - - Fix typo in a congestion control label on the MetricsPort. Fixes bug - 40727; bugfix on 0.4.7.12. diff --git a/changes/ticket40729 b/changes/ticket40729 @@ -1,3 +0,0 @@ - o Minor bugfixes (sandbox, authority): - - With the sandbox enabled, allow to write "my-consensus-{ns|microdesc}" and - to rename them as well. Fixes bug 40729; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40730 b/changes/ticket40730 @@ -1,5 +0,0 @@ - o Major bugfixes (TROVE-2022-002, client): - - The SafeSocks option had its logic inverted for SOCKS4 and SOCKS4a. It - would let the unsafe SOCKS4 pass but not the safe SOCKS4a one. This is - TROVE-2022-002 which was reported on Hackerone by "cojabo". Fixes bug - 40730; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40741 b/changes/ticket40741 @@ -1,2 +0,0 @@ - o Minor feature (lzma): - - Fix compiler warnings for liblzma >= 5.3.1. Closes ticket 40741. diff --git a/changes/ticket40745 b/changes/ticket40745 @@ -1,3 +0,0 @@ - o Minor bugfix (relay, logging): - - The wrong max queue cell size was used in a protocol warning logging - statement. Fixes bug 40745; bugfix on 0.4.7.1-alpha. diff --git a/changes/ticket40753 b/changes/ticket40753 @@ -1,5 +0,0 @@ - o Minor features (directory authorities): - - Directory authorities now include their AuthDirMaxServersPerAddr - config option in the consensus parameter section of their vote. Now - external tools can better predict how they will behave. Implements - ticket 40753. diff --git a/changes/ticket40755 b/changes/ticket40755 @@ -1,3 +0,0 @@ - o Minor features (metrics): - - Add service side metrics for REND and introduction request failures. - Closes ticket 40755. diff --git a/changes/ticket40757 b/changes/ticket40757 @@ -1,8 +0,0 @@ - o Minor features (metrics): - - Add support for histograms. - Part of ticket 40757. - o Minor features (hs, metrics): - - Add tor_hs_rend_circ_build_time and tor_hs_intro_circ_build_time - histograms to measure hidden service rend/intro circuit build time - durations. - Part of ticket 40757. diff --git a/changes/ticket40758 b/changes/ticket40758 @@ -1,3 +0,0 @@ - o Minor features (metrics): - - Add a `reason` label to the HS error metrics. - Closes ticket 40758. diff --git a/changes/ticket40760 b/changes/ticket40760 @@ -1,3 +0,0 @@ - o Minor feature (authority): - - Reject 0.4.5.x series at the authority level. Closes ticket 40760. - diff --git a/changes/ticket40785 b/changes/ticket40785 @@ -1,4 +0,0 @@ - o Minor feature (client, IPv6): - - Make client able to pick IPv6 relays by default now meaning ClientUseIPv6 - option now defaults to 1. Closes ticket 40785. - diff --git a/changes/ticket40797 b/changes/ticket40797 @@ -1,4 +0,0 @@ - o Minor feature (MetricsPort, relay, onion service): - - Add metrics for the relay side onion service interactions counting - seen cells. Closes ticket 40797. Patch by "friendly73". - diff --git a/changes/ticket40799 b/changes/ticket40799 @@ -1,6 +0,0 @@ - o Minor bugfixes (sandbox): - - Allow membarrier for the sandbox. And allow rt_sigprocmask when compiled - with LTTng. Fixes bug 40799; bugfix on 0.3.5.1-alpha. - - o Minor feature (CI): - - Update CI to use Debian Bullseye for runners.