From 02c18044464bfe45f168b55297a785244094cfd5 Mon Sep 17 00:00:00 2001 From: Tor CI Release Date: Wed, 2 Apr 2025 13:50:59 +0000 Subject: [PATCH] release: ChangeLog for 0.4.9.2-alpha --- ChangeLog | 138 ++++++++++++++++++++++++++++++++ changes/bug40802 | 9 --- changes/bug40933 | 3 - changes/bug41021 | 4 - changes/bug41023 | 5 -- changes/bug41032 | 2 - changes/ci-pin-chutney | 3 - changes/ephemeral-onion-pow | 7 -- changes/fallbackdirs-2025-02-05 | 2 - changes/fallbackdirs-2025-03-20 | 2 - changes/geoip-2025-02-05 | 3 - changes/geoip-2025-03-20 | 3 - changes/geoip-2025-03-24 | 3 - changes/happy-families | 17 ---- changes/happy-families-client | 4 - changes/ticket31524 | 3 - changes/ticket40248 | 4 - changes/ticket40836 | 18 ----- changes/ticket40872 | 3 - changes/ticket40976 | 4 - changes/ticket40991 | 4 - changes/ticket40996 | 5 -- changes/ticket41029 | 3 - changes/ticket41035 | 3 - changes/ticket41037 | 3 - changes/too_many_tlssecrets | 6 -- 26 files changed, 138 insertions(+), 123 deletions(-) delete mode 100644 changes/bug40802 delete mode 100644 changes/bug40933 delete mode 100644 changes/bug41021 delete mode 100644 changes/bug41023 delete mode 100644 changes/bug41032 delete mode 100644 changes/ci-pin-chutney delete mode 100644 changes/ephemeral-onion-pow delete mode 100644 changes/fallbackdirs-2025-02-05 delete mode 100644 changes/fallbackdirs-2025-03-20 delete mode 100644 changes/geoip-2025-02-05 delete mode 100644 changes/geoip-2025-03-20 delete mode 100644 changes/geoip-2025-03-24 delete mode 100644 changes/happy-families delete mode 100644 changes/happy-families-client delete mode 100644 changes/ticket31524 delete mode 100644 changes/ticket40248 delete mode 100644 changes/ticket40836 delete mode 100644 changes/ticket40872 delete mode 100644 changes/ticket40976 delete mode 100644 changes/ticket40991 delete mode 100644 changes/ticket40996 delete mode 100644 changes/ticket41029 delete mode 100644 changes/ticket41035 delete mode 100644 changes/ticket41037 delete mode 100644 changes/too_many_tlssecrets diff --git a/ChangeLog b/ChangeLog index fc21d39714..25692bdfd4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,141 @@ +Changes in version 0.4.9.2-alpha - 2025-04-02 + This is the second alpha of the 0.4.9.x series. We have several new minor + features and a big one, the happy families that was long awaited by relay + operators. This release also fixes a number of bugs including major ones. + + o Major feature (happy families): + - Clients and relays now support "happy families", a system to + simplify relay family operation and improve directory performance. + With "happy families", relays in a family shares a secret "family + key", which they use to prove their membership in the family. + Implements proposal 321; closes ticket 41009. Note that until + enough clients are upgraded, relay operators will still need to + configure MyFamily lists. But once clients no longer depend on + those lists, we will be able to remove them entirely, thereby + simplifying family operation, and making microdescriptor downloads + approximately 80% smaller. For more information, see + https://community.torproject.org/relay/setup/post-install/family-ids/ + + o Major features (client): + - Clients now respect "happy families" per proposal 321. This + feature will eventually allow a much more compact representation + for relay families, for a significant savings in directory + download size. + + o Minor feature (onion service, control port): + - Add 3 more keywords to the ADD_ONION control command: + PoWDefensesEnabled, PoWQueueRate and PoWQueueBurst which correspond + to HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and + HiddenServicePoWQueueBurst from torrc. + + o Minor feature (testing, CI): + - Use a fixed version of chutney (be881a1e) instead of its current + HEAD. This version should also be preferred when testing locally. + + o Minor features (compilation): + - Fix a warning when compiling with GCC 14.2. Closes 41032. + + o Minor features (continuous integration): + - Upgrade CI runners to use Debian Bookworm instead of Bullseye. + Closes ticket 41029. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on February 05, 2025. + - Regenerate fallback directories generated on March 20, 2025. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2025/02/05. + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2025/03/20. + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2025/03/24. + + o Minor features (recommended protocols): + - Directory authorities now vote to recommend that clients support + certain protocols beyond those that are required. These include + improved support for connecting to relays on IPv6, NtorV3, and + congestion control. Part of ticket 40836. + + o Minor features (required protocols): + - Directory authorities now vote to require clients to support the + authenticated SENDME feature, which was introduced in + 0.4.1.1-alpha. Part of ticket 40836. + - Directory authorities now vote to require relays to support + certain protocols, all of which have been implemented since + 0.4.7.4-alpha or earlier. These include improved support for + connecting to relays on IPv6, NtorV3, running as a rate-limited + introduction point, authenticated SENDMEs, and congestion control. + Part of ticket 40836. + + o Major bugfix (control-events, bw-cache): + - Fixes spikes occurring in bandwidth cache on control connection. + Fixes bug 31524; bugfix on 0.4.8.12-dev. + + o Major bugfixes (conflux): + - Ensure conflux guards obey family and subnet restrictions. Fixes + bug 40976; bugfix on 0.4.8.13. + + o Major bugfixes (onion service directory cache): + - When the OOM killer kicks in, cleanup the descriptor cache of an + HSDir by looking at the lowest downloaded count instead of time in + cache. Fixes bug 40996; bugfix on 0.3.5.1-alpha. + + o Minor bugfix (client DNS): + - Handle empty DNS reply without sending back an error and instead + send back NOERROR (RFC1035 error code 0x0). Fixes bug 40248; + bugfix on 0.3.5.1-alpha. + + o Minor bugfix (conflux): + - Avoid a non fatal assert when describing a conflux circuit on the + control port after being prepped to be freed. Fixes bug 41037; + bugfix on 0.4.8.15. + + o Minor bugfix (dirauth): + - Fix typo in flag assignment approved-routers file. Fixes bug + 41035; bugfix on 0.4.8.15 + + o Minor bugfixes (control port): + - Correctly report conflux pair information to controller fields + Fixes bug 40872; bugfix on 0.4.8.1-alpha + + o Minor bugfixes (directory authorities): + - After we added layer-two vanguards, directory authorities wouldn't + think any of their vanguards were suitable for circuits, leading + to a "Failed to find node for hop #2 of our path. Discarding this + circuit." log message once per second from startup until they made + a fresh consensus. Now they look to their existing consensus on + startup, letting them build circuits properly from the beginning. + Fixes bug 40802; bugfix on 0.4.7.1-alpha. + + o Minor bugfixes (relay flag usage): + - Fix client usage of the MiddleOnly flag so that MiddleOnly relays + are not used as HS IP or RP by clients or services. Additionally, + give dirauths the ability to remove specific flags, as an + alternative to MiddleOnly. Fixes bug 41023; bugfix on 0.4.7.2-alpha + + o Minor bugfixes (sandbox, bwauth): + - Fix sandbox to work for bandwidth authority. Fixes bug 40933; + bugfix on 0.2.2.1-alpha + + o Minor bugfixes (tests): + - Fix a test failure with OpenSSL builds running at security level 1 + or greater, which does not permit SHA-1 certificates. (Fixes bug + 41021; bugfix on 0.2.8.1-alpha.) + + o Minor bugfixes (threads, memory): + - Improvements in cleanup of resources used by threads. Fixes bug + 40991; bugfix on 0.4.8.13-dev. + - Rework start and exit of worker threads. + + o Removed features: + - Relays no longer support the obsolete "RSA-SHA256-TLSSecret" + authentication method, which used a dangerously short RSA key, and + which required access TLS session internals. The current method + ("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha. + Closes ticket 41020. + + Changes in version 0.4.9.1-alpha - 2024-12-03 This is the first alpha of the 0.4.9.x series. This release mostly consists of bugfixes including some major ones. There are several minor features in diff --git a/changes/bug40802 b/changes/bug40802 deleted file mode 100644 index 2ec4afd59d..0000000000 --- a/changes/bug40802 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (directory authorities): - - After we added layer-two vanguards, directory authorities wouldn't - think any of their vanguards were suitable for circuits, leading - to a "Failed to find node for hop #2 of our path. Discarding - this circuit." log message once per second from startup until - they made a fresh consensus. Now they look to their existing - consensus on startup, letting them build circuits properly from - the beginning. Fixes bug 40802; bugfix on 0.4.7.1-alpha. - diff --git a/changes/bug40933 b/changes/bug40933 deleted file mode 100644 index c4f9eb085f..0000000000 --- a/changes/bug40933 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (sandbox, bwauth): - - Fix sandbox to work for bandwidth authority. Fixes bug 40933; bugfix on - 0.2.2.1-alpha diff --git a/changes/bug41021 b/changes/bug41021 deleted file mode 100644 index 344423f532..0000000000 --- a/changes/bug41021 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (tests): - - Fix a test failure with OpenSSL builds running at security level 1 or - greater, which does not permit SHA-1 certificates. - (Fixes bug 41021; bugfix on 0.2.8.1-alpha.) diff --git a/changes/bug41023 b/changes/bug41023 deleted file mode 100644 index 55d79d5a7f..0000000000 --- a/changes/bug41023 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (relay flag usage): - - Fix client usage of the MiddleOnly flag so that MiddleOnly relays are - not used as HS IP or RP by clients or services. Additionally, give - dirauths the ability to remove specific flags, as an alternative to - MiddleOnly. Fixes bug 41023; bugfix on 0.4.7.2-alpha diff --git a/changes/bug41032 b/changes/bug41032 deleted file mode 100644 index 25c337c9d5..0000000000 --- a/changes/bug41032 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (compilation): - - Fix a warning when compiling with GCC 14.2. Closes 41032. diff --git a/changes/ci-pin-chutney b/changes/ci-pin-chutney deleted file mode 100644 index f572de9d92..0000000000 --- a/changes/ci-pin-chutney +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (testing, CI): - - Use a fixed version of chutney (be881a1e) instead of its current HEAD. - This version should also be preferred when testing locally. diff --git a/changes/ephemeral-onion-pow b/changes/ephemeral-onion-pow deleted file mode 100644 index 7404f7008e..0000000000 --- a/changes/ephemeral-onion-pow +++ /dev/null @@ -1,7 +0,0 @@ - o Minor feature (onion service, control port): - - Add 3 more keywords to the ADD_ONION control command: PoWDefensesEnabled, - PoWQueueRate and PoWQueueBurst which correspond to - HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and - HiddenServicePoWQueueBurst from torrc. - - diff --git a/changes/fallbackdirs-2025-02-05 b/changes/fallbackdirs-2025-02-05 deleted file mode 100644 index bd1d38d27e..0000000000 --- a/changes/fallbackdirs-2025-02-05 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on February 05, 2025. diff --git a/changes/fallbackdirs-2025-03-20 b/changes/fallbackdirs-2025-03-20 deleted file mode 100644 index 58a3cd1e37..0000000000 --- a/changes/fallbackdirs-2025-03-20 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on March 20, 2025. diff --git a/changes/geoip-2025-02-05 b/changes/geoip-2025-02-05 deleted file mode 100644 index e3c284be06..0000000000 --- a/changes/geoip-2025-02-05 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2025/02/05. diff --git a/changes/geoip-2025-03-20 b/changes/geoip-2025-03-20 deleted file mode 100644 index 6187b9323a..0000000000 --- a/changes/geoip-2025-03-20 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2025/03/20. diff --git a/changes/geoip-2025-03-24 b/changes/geoip-2025-03-24 deleted file mode 100644 index 35d6ef28df..0000000000 --- a/changes/geoip-2025-03-24 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2025/03/24. diff --git a/changes/happy-families b/changes/happy-families deleted file mode 100644 index c4520129c9..0000000000 --- a/changes/happy-families +++ /dev/null @@ -1,17 +0,0 @@ - o Major feature (happy families): - - - Clients and relays now support "happy families", a system to - simplify relay family operation and improve directory performance. - With "happy families", relays in a family shares a secret "family key", - which they use to prove their membership in the family. - Implements proposal 321; closes ticket 41009. - - Note that until enough clients are upgraded, - relay operators will still need to configure MyFamily lists. - But once clients no longer depend on those lists, - we will be able to remove them entirely, - thereby simplifying family operation, - and making microdescriptor downloads approximately 80% smaller. - - For more information, see - https://community.torproject.org/relay/setup/post-install/family-ids/ diff --git a/changes/happy-families-client b/changes/happy-families-client deleted file mode 100644 index aeeb666203..0000000000 --- a/changes/happy-families-client +++ /dev/null @@ -1,4 +0,0 @@ - o Major features (client): - - Clients now respect "happy families" per proposal 321. - This feature will eventually allow a much more compact representation - for relay families, for a significant savings in directory download size. diff --git a/changes/ticket31524 b/changes/ticket31524 deleted file mode 100644 index b629fcea00..0000000000 --- a/changes/ticket31524 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfix (control-events, bw-cache): - - Fixes spikes occurring in bandwidth cache on control connection. - Fixes bug 31524; bugfix on 0.4.8.12-dev. diff --git a/changes/ticket40248 b/changes/ticket40248 deleted file mode 100644 index ebe7ca0b56..0000000000 --- a/changes/ticket40248 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (client DNS): - - Handle empty DNS reply without sending back an error and instead send back - NOERROR (RFC1035 error code 0x0). Fixes bug 40248; bugfix on - 0.3.5.1-alpha. diff --git a/changes/ticket40836 b/changes/ticket40836 deleted file mode 100644 index 0f56d5ae4c..0000000000 --- a/changes/ticket40836 +++ /dev/null @@ -1,18 +0,0 @@ - o Minor features (required protocols): - - Directory authorities now vote to require relays to support certain - protocols, all of which have been implemented since 0.4.7.4-alpha or - earlier. - These include improved support for connecting to relays on IPv6, - NtorV3, running as a rate-limited introduction point, - authenticated SENDMEs, and congestion control. - Part of ticket 40836. - - Directory authorities now vote to require clients to support the - authenticated SENDME feature, which was introduced in 0.4.1.1-alpha. - Part of ticket 40836. - - o Minor features (recommended protocols): - - Directory authorities now vote to recommend that clients - support certain protocols beyond those that are required. - These include improved support for connecting to relays on IPv6, - NtorV3, and congestion control. - Part of ticket 40836. diff --git a/changes/ticket40872 b/changes/ticket40872 deleted file mode 100644 index 38b2521c8d..0000000000 --- a/changes/ticket40872 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (control port): - - Correctly report conflux pair information to controller fields - Fixes bug 40872; bugfix on 0.4.8.1-alpha diff --git a/changes/ticket40976 b/changes/ticket40976 deleted file mode 100644 index 7f6bbb4389..0000000000 --- a/changes/ticket40976 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (conflux): - - Ensure conflux guards obey family and subnet restrictions. Fixes bug - 40976; bugfix on 0.4.8.13. - diff --git a/changes/ticket40991 b/changes/ticket40991 deleted file mode 100644 index c8826cff60..0000000000 --- a/changes/ticket40991 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (threads, memory): - - Rework start and exit of worker threads. - - Improvements in cleanup of resources used by threads. - Fixes bug 40991; bugfix on 0.4.8.13-dev. diff --git a/changes/ticket40996 b/changes/ticket40996 deleted file mode 100644 index 1beb1c16c2..0000000000 --- a/changes/ticket40996 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (onion service directory cache): - - When the OOM killer kicks in, cleanup the descriptor cache of an HSDir by - looking at the lowest downloaded count instead of time in cache. Fixes bug - 40996; bugfix on 0.3.5.1-alpha. - diff --git a/changes/ticket41029 b/changes/ticket41029 deleted file mode 100644 index 7f9e254b35..0000000000 --- a/changes/ticket41029 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (continuous integration): - - Upgrade CI runners to use Debian Bookworm instead of Bullseye. Closes - ticket 41029. diff --git a/changes/ticket41035 b/changes/ticket41035 deleted file mode 100644 index cc70271231..0000000000 --- a/changes/ticket41035 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (dirauth): - - Fix typo in flag assignment approved-routers file. Fixes bug 41035; bugfix - on 0.4.8.15 diff --git a/changes/ticket41037 b/changes/ticket41037 deleted file mode 100644 index c56165ade2..0000000000 --- a/changes/ticket41037 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (conflux): - - Avoid a non fatal assert when describing a conflux circuit on the control - port after being prepped to be freed. Fixes bug 41037; bugfix on 0.4.8.15. diff --git a/changes/too_many_tlssecrets b/changes/too_many_tlssecrets deleted file mode 100644 index d1748e6f03..0000000000 --- a/changes/too_many_tlssecrets +++ /dev/null @@ -1,6 +0,0 @@ - o Removed features: - - Relays no longer support the obsolete "RSA-SHA256-TLSSecret" - authentication method, which used a dangerously short RSA key, - and which required access TLS session internals. The current method - ("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha. - Closes ticket 41020. -- 2.47.2