+Changes in version 0.4.8.1-alpha - 2023-06-01
+ This is the first alpha of the 0.4.8.x series. Two major features in this
+ version which are Conflux and onion service Proof-of-Work (PoW). There are
+ also many small features in particular, worth noting, the MetricsPort is now
+ exporting more relay and onion service metrics. Finally, there are
+ also numerous minor bugfixes included in this version.
+
+ o Major features (onion service, proof-of-work):
+ - Implement proposal 327 (Proof-Of-Work). This is aimed at thwarting
+ introduction flooding DoS attacks by introducing a dynamic Proof-Of-Work
+ protocol that occurs over introduction circuits. This introduces several
+ torrc options prefixed with "HiddenServicePoW" in order to control this
+ feature. By default, this is disabled. Closes ticket 40634.
+
+ o Major features (conflux):
+ - Implement Proposal 329 (conflux traffic splitting). Conflux splits
+ traffic across two circuits to Exits that support the protocol.
+ These circuits are pre-built only, which means that if the pre-
+ built conflux pool runs out, regular circuits will then be used.
+ When using conflux circuit pairs, clients choose the lower-latency
+ circuit to send data to the Exit. When the Exit sends data to the
+ client, it maximizes throughput, by fully utilizing both circuits
+ in a multiplexed fashion. Alternatively, clients can request that
+ the Exit optimize for latency when transmitting to them, by
+ setting the torrc option 'ConfluxClientUX latency'. Onion services
+ are not currently supported, but will be in arti. Many other
+ future optimizations will also be possible using this protocol.
+ Closes ticket 40593.
+
+ o Major features (dirauth):
+ - Directory authorities and relays now interact properly with
+ directory authorities if they change addresses. In the past, they
+ would continue to upload votes, signatures, descriptors, etc to
+ the hard-coded address in the configuration. Now, if the directory
+ authority is listed in the consensus at a different address, they
+ will direct queries to this new address. Implements ticket 40705.
+
+ o Minor feature (CI):
+ - Update CI to use Debian Bullseye for runners.
+
+ o Minor feature (client, IPv6):
+ - Make client able to pick IPv6 relays by default now meaning
+ ClientUseIPv6 option now defaults to 1. Closes ticket 40785.
+
+ o Minor feature (compilation):
+ - Fix returning something other than "Unknown N/A" as libc version
+ if we build tor on an O.S. like DragonFlyBSD, FreeBSD, OpenBSD
+ or NetBSD.
+
+ o Minor feature (cpuworker):
+ - Always use the number of threads for our CPU worker pool to the
+ number of core available but cap it to a minimum of 2 in case of a
+ single core. Fixes bug 40713; bugfix on 0.3.5.1-alpha.
+
+ o Minor feature (lzma):
+ - Fix compiler warnings for liblzma >= 5.3.1. Closes ticket 40741.
+
+ o Minor feature (MetricsPort, relay):
+ - Expose time until online keys expires on the MetricsPort. Closes
+ ticket 40546.
+
+ o Minor feature (MetricsPort, relay, onion service):
+ - Add metrics for the relay side onion service interactions counting
+ seen cells. Closes ticket 40797. Patch by "friendly73".
+
+ o Minor features (directory authorities):
+ - Directory authorities now include their AuthDirMaxServersPerAddr
+ config option in the consensus parameter section of their vote.
+ Now external tools can better predict how they will behave.
+ Implements ticket 40753.
+
+ o Minor features (directory authority):
+ - Add a new consensus method in which the "published" times on
+ router entries in a microdesc consensus are all set to a
+ meaningless fixed date. Doing this will make the download size for
+ compressed microdesc consensus diffs much smaller. Part of ticket
+ 40130; implements proposal 275.
+
+ o Minor features (network documents):
+ - Clients and relays no longer track the "published on" time
+ declared for relays in any consensus documents. When reporting
+ this time on the control port, they instead report a fixed date in
+ the future. Part of ticket 40130.
+
+ o Minor features (fallbackdir):
+ - Regenerate fallback directories generated on June 01, 2023.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2023/06/01.
+
+ o Minor features (hs, metrics):
+ - Add tor_hs_rend_circ_build_time and tor_hs_intro_circ_build_time
+ histograms to measure hidden service rend/intro circuit build time
+ durations. Part of ticket 40757.
+
+ o Minor features (metrics):
+ - Add a `reason` label to the HS error metrics. Closes ticket 40758.
+ - Add service side metrics for REND and introduction request
+ failures. Closes ticket 40755.
+ - Add support for histograms. Part of ticket 40757.
+
+ o Minor features (pluggable transports):
+ - Automatically restart managed Pluggable Transport processes when
+ their process terminate. Resolves ticket 33669.
+
+ o Minor features (portability, compilation):
+ - Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5
+ compatibility. Fixes issue 40630; patch by Alex Xu (Hello71).
+
+ o Minor features (relay):
+ - Do not warn about configuration options that may expose a non-
+ anonymous onion service. Closes ticket 40691.
+
+ o Minor features (relays):
+ - Trigger OOS when bind fails with EADDRINUSE. This improves
+ fairness when a large number of exit connections are requested,
+ and properly signals exhaustion to the network. Fixes issue 40597;
+ patch by Alex Xu (Hello71).
+
+ o Minor features (tests):
+ - Avoid needless key reinitialization with OpenSSL during unit
+ tests, saving significant time. Patch from Alex Xu.
+
+ o Minor bugfix (relay, logging):
+ - The wrong max queue cell size was used in a protocol warning
+ logging statement. Fixes bug 40745; bugfix on 0.4.7.1-alpha.
+
+ o Minor bugfixes (logging):
+ - Avoid ""double-quoting"" strings in several log messages. Fixes
+ bug 22723; bugfix on 0.1.2.2-alpha.
+ - Correct a log message when cleaning microdescriptors. Fixes bug
+ 40619; bugfix on 0.2.5.4-alpha.
+
+ o Minor bugfixes (metrics):
+ - Decrement hs_intro_established_count on introduction circuit
+ close. Fixes bug 40751; bugfix on 0.4.7.12.
+
+ o Minor bugfixes (pluggable transports, windows):
+ - Remove a warning `BUG()` that could occur when attempting to
+ execute a non-existing pluggable transport on Windows. Fixes bug
+ 40596; bugfix on 0.4.0.1-alpha.
+
+ o Minor bugfixes (relay):
+ - Remove a "BUG" warning for an acceptable race between a circuit
+ close and considering that circuit active. Fixes bug 40647; bugfix
+ on 0.3.5.1-alpha.
+ - Remove a harmless "Bug" log message that can happen in
+ relay_addr_learn_from_dirauth() on relays during startup. Finishes
+ fixing bug 40231. Fixes bug 40523; bugfix on 0.4.5.4-rc.
+
+ o Minor bugfixes (sandbox):
+ - Allow membarrier for the sandbox. And allow rt_sigprocmask when
+ compiled with LTTng. Fixes bug 40799; bugfix on 0.3.5.1-alpha.
+ - Fix sandbox support on AArch64 systems. More "*at" variants of
+ syscalls are now supported. Signed 32 bit syscall parameters are
+ checked more precisely, which should lead to lower likelihood of
+ breakages with future compiler and libc releases. Fixes bug 40599;
+ bugfix on 0.4.4.3-alpha.
+
+ o Minor bugfixes (state file):
+ - Avoid a segfault if the state file doesn't contains TotalBuildTimes
+ along CircuitBuildAbandonedCount being above 0. Fixes bug 40437;
+ bugfix on 0.3.5.1-alpha.
+
+ o Removed features:
+ - Remove the RendPostPeriod option. This was primarily used in
+ Version 2 Onion Services and after its deprecation isn't needed
+ anymore. Closes ticket 40431. Patch by Neel Chauhan.
+
+
Changes in version 0.4.7.13 - 2023-01-12
This version contains three major bugfixes, two for relays and one for
client being a security fix, TROVE-2022-002. We have added, for Linux, the
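Review bot: Several entries in the new 0.4.8.1-alpha section sit under "Minor feature" headings although their own text marks them as fixes. The cpuworker entry ends with "Fixes bug 40713; bugfix on 0.3.5.1-alpha", the relays entry says "Fixes issue 40597", and the compilation and lzma entries both begin with "Fix". Move them under matching "Minor bugfixes (...)" headings so readers scanning for fixes find them. Also merge the near-duplicate headings "Minor features (relay)" / "Minor features (relays)" and "Minor features (directory authorities)" / "Minor features (directory authority)". The opening paragraph has a sentence without a main verb ("Two major features in this version which are Conflux and ..."); "This version has two major features: Conflux and onion service Proof-of-Work (PoW)" would read cleanly.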
+++ /dev/null
- o Minor bugfixes (sandbox):
- - Fix sandbox support on AArch64 systems. More "*at" variants of syscalls
- are now supported. Signed 32 bit syscall parameters are checked more
- precisely, which should lead to lower likelihood of breakages with future
- compiler and libc releases. Fixes bug 40599; bugfix on 0.4.4.3-alpha.
+++ /dev/null
- o Minor feature (compilation):
- - Fix returning something other than "Unknown N/A" as libc version if we
- build tor on an O.S. like DragonFlyBSD, FreeBSD, OpenBSD or NetBSD.
+++ /dev/null
- o Removed features:
- - Remove the RendPostPeriod option. This was primarily used in Version 2
- Onion Services and after its deprecation isn't needed anymore. Closes
- ticket 40431. Patch by Neel Chauhan.
+++ /dev/null
- o Minor bugfixes (relay):
- - Remove a harmless "Bug" log message that can happen in
- relay_addr_learn_from_dirauth() on relays during startup. Finishes
- fixing bug 40231. Fixes bug 40523; bugfix on 0.4.5.4-rc.
+++ /dev/null
- o Major bugfixes (relay):
- - When opening a channel because of a circuit request that did not
- include an Ed25519 identity, record the Ed25519 identity that we
- actually received, so that we can use the channel for other circuit
- requests that _do_ list an Ed25519 identity.
- (Previously we had code to record this identity, but a logic bug
- caused it to be disabled.) Fixes bug 40563; bugfix on 0.3.0.1-alpha.
- Patch from "cypherpunks".
+++ /dev/null
- o Minor bugfixes (logging):
- - Demote a harmless warn log message about finding a second hop to from
- warn level to info level, if we do not have enough descriptors yet.
- Leave it at notice level for other cases. Fixes bug 40603;
- bugfix on 0.4.7.1-alpha.
+++ /dev/null
- o Minor bugfixes (logging):
- - Demote a notice log message about "Unexpected path length" to info
- level. These cases seem to happen arbitrarily, and we likely will
- never find all of them before the switch to arti. Fixes bug 40612;
- bugfix on 0.4.7.5-alpha.
+++ /dev/null
- o Minor bugfixes (logging):
- - Correct a log message when cleaning microdescriptors.
- Fixes bug 40619; bugfix on 0.2.5.4-alpha.
+++ /dev/null
- o Minor bugfixes (relay, logging):
- - Demote a harmless XOFF log message to from notice level to info level.
- Fixes bug 40620; bugfix on 0.4.7.5-alpha.
+++ /dev/null
- o Major bugfixes (congestion control, TROVE-2022-001):
- - Fix a scenario where RTT estimation can become wedged, seriously
- degrading congestion control performance on all circuits. This impacts
- clients, onion services, and relays, and can be triggered remotely by a
- malicious endpoint. Tracked as CVE-2022-33903. Fixes bug 40626; bugfix
- on 0.4.7.5-alpha.
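Review bot: This deleted entry has no counterpart in the new 0.4.8.1-alpha section, and it is the one that carries CVE-2022-33903 (TROVE-2022-001, described as remotely triggerable). Confirm that the fix is already listed under the release that shipped it, so that removing the changes file does not drop the only ChangeLog record of a security fix. The same check applies to the TROVE-2021-009 DNS cache TTL entry and the DESTROY-reason side-channel entry removed later in this patch.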
+++ /dev/null
- o Major bugfixes (vanguards):
- - We had omitted some checks for whether our vanguards (second layer
- guards from proposal 333) overlapped. Now make sure to pick each
- of them to be independent. Also, change the design to allow them to
- come from the same family. Fixes bug 40639; bugfix on 0.4.7.1-alpha.
+++ /dev/null
- o Major bugfixes (congestion control):
- - Implement RFC3742 Limited Slow Start. Congestion control was
- overshooting the congestion window during slow start, particularly for
- onion service activity. With this fix, we now update the congestion
- window more often during slow start, as well as dampen the exponential
- growth when the congestion window grows above a capping parameter.
- This should reduce the memory increases guard relays were seeing, as
- well as allow us to set lower queue limits to defend against
- ongoing DoS attacks. Fixes bug 40642; bugfix on 0.4.7.5-alpha.
+++ /dev/null
- o Minor bugfixes (congestion control):
- - Add a check for an integer underflow condition that might
- happen in cases where the system clock is stopped, the
- ORconn is blocked, and the endpoint sends more than a
- congestion window worth of non-data control cells at once.
- This would cause a large congestion window to be calculated
- instead of a small one. No security impact. Fixes bug 40644;
- bugfix on 0.4.7.5-alpha.
+++ /dev/null
- o Minor bugfixes (defense in depth):
- - Change a test in the netflow padding code to make it more
- _obviously_ safe against remotely triggered crashes.
- (It was safe against these before, but not obviously so.)
- Fixes bug 40645; bugfix on 0.3.1.1-alpha.
+++ /dev/null
- o Minor bugfixes (relay overload statistics):
- - Count total create cells vs dropped create cells properly, when
- assessing if our fraction of dropped cells is too high. We only
- count non-client circuits in the denominator, but we would include
- client circuits in the numerator, leading to surprising log lines
- claiming that we had dropped more than 100% of incoming create
- cells. Fixes bug 40673; bugfix on 0.4.7.1-alpha.
+++ /dev/null
- o Major bugfixes (OSX):
- - Fix coarse-time computation on Apple platforms (like Mac M1) where
- the Mach absolute time ticks do not correspond directly to
- nanoseconds. Previously, we computed our shift value wrong, which
- led us to give incorrect timing results.
- Fixes bug 40684; bugfix on 0.3.3.1-alpha.
+++ /dev/null
- o Minor bugfixes (dirauth):
- - Directory authorities stop voting a consensus "Measured" weight
- for relays with the Authority flag. Now these relays will be
- considered unmeasured, which should reserve their bandwidth
- for their dir auth role and minimize distractions from other
- roles. In place of the "Measured" weight, they now include a
- "MeasuredButAuthority" weight (not used by anything) so the
- bandwidth authority's opinion on this relay can be recorded for
- posterity. Lastly, remove the AuthDirDontVoteOnDirAuthBandwidth
- torrc option which never worked right. Fixes bugs 40698 and 40700;
- bugfix on 0.4.7.2-alpha.
+++ /dev/null
- o Major bugfixes (congestion control):
- - Avoid incrementing the congestion window when the window is not
- fully in use. Thia prevents overshoot in cases where long periods
- of low activity would allow our congestion window to grow, and
- then get followed by a burst, which would cause queue overload.
- Also improve the increment checks for RFC3742. Fixes bug 40732;
- bugfix on 0.4.7.5-alpha.
+++ /dev/null
- o Minor bugfixes (metrics):
- - Decrement hs_intro_established_count on introduction circuit close. Fixes
- bug 40751; bugfix on 0.4.7.12.
+++ /dev/null
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on August 11, 2022.
+++ /dev/null
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on November 10, 2022.
+++ /dev/null
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on December 06, 2022.
+++ /dev/null
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on January 12, 2023.
+++ /dev/null
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on June 01, 2023.
+++ /dev/null
- o Minor features (tests):
- - Avoid needless key reinitialization with OpenSSL during unit tests,
- saving significant time. Patch from Alex Xu.
+++ /dev/null
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2022/08/11.
+++ /dev/null
- o Major bugfixes (geoip data):
- - IPFire informed us on August 12th that databases generated after
- (including) August 10th did not have proper ARIN network allocations. We
- are updating the database to use the one generated on August 9th, 2022.
- Fixes bug 40658; bugfix on 0.4.5.13.
+++ /dev/null
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2022/11/10.
+++ /dev/null
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2022/12/06.
+++ /dev/null
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2023/01/12.
+++ /dev/null
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2023/06/01.
+++ /dev/null
- o Minor features (relays):
- - Set the Linux-specific IP_BIND_ADDRESS_NO_PORT option on outgoing
- sockets, allowing relays using OutboundBindAddress to make more outgoing
- connections than ephemeral ports, as long as they are to separate
- destinations. Related to issue 40597; patch by Alex Xu (Hello71).
+++ /dev/null
- o Minor features (relays):
- - Trigger OOS when bind fails with EADDRINUSE. This improves fairness when
- a large number of exit connections are requested, and properly signals
- exhaustion to the network. Fixes issue 40597; patch by Alex Xu (Hello71).
+++ /dev/null
- o Code simplifications and refactoring:
- - Rely on actual error returned by the kernel when choosing what resource
- exhaustion to log. Fixes issue 40613; Fix on tor-0.4.6.1-alpha.
+++ /dev/null
- o Minor features (portability, compilation):
- - Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5 compatibility.
- Fixes issue 40630; patch by Alex Xu (Hello71).
+++ /dev/null
- o Minor bugfixes (logging):
- - Avoid ""double-quoting"" strings in several log messages.
- Fixes bug 22723; bugfix on 0.1.2.2-alpha.
+++ /dev/null
- o Minor features (directory authority):
- - Add a new consensus method in which the "published" times on router
- entries in a microdesc consensus are all set to a meaningless fixed
- date. Doing this will make the download size for compressed microdesc
- consensus diffs much smaller.
- Part of ticket 40130; implements proposal 275.
-
- o Minor features (network documents):
- - Clients and relays no longer track the "published on" time declared
- for relays in any consensus documents. When reporting this time on
- the control port, they instead report a fixed date in the future.
- Part of ticket 40130.
+++ /dev/null
- o Minor features (pluggable transports):
- - Automatically restart managed Pluggable Transport processes when their
- process terminate. Resolves ticket 33669.
+++ /dev/null
- o Minor feature (relay, metrics):
- - Add counters to the MetricsPort how many connections, per type, are
- currently opened and how many were created. Part of ticket 40194.
- - Add total number of streams seen by an Exit to the MetricsPort.
- - Add congestion control RTT reset counter to MetricsPort.
- - Add DoS defenses counter to MetricsPort.
- - Add relay flags from the consensus to the MetricsPort.
- - Add total number of opened circuits to MetricsPort.
- - Add traffic stats as in number of read/written bytes in total.
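Review bot: Six of the seven bullets in this deleted file cite no ticket (only the first says "Part of ticket 40194"), and none of these counters appear in the new 0.4.8.1-alpha section, even though its summary says the MetricsPort "is now exporting more relay and onion service metrics". Either confirm these counters were already announced in an earlier release, or add them to the new section with their ticket numbers so operators building dashboards and alerts know which release introduced them.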
+++ /dev/null
- o Minor bugfixes (state file):
- - Avoid a segfault if the state file doesn't contains TotalBuildTimes along
- CircuitBuildAbandonedCount being above 0. Fixes bug 40437; bugfix on
- 0.3.5.1-alpha.
+++ /dev/null
- o Minor feature (MetricsPort, relay):
- - Expose time until online keys expires on the MetricsPort. Closes ticket
- 40546.
+++ /dev/null
- o Major features (conflux):
- - Implement Proposal 329 (conflux traffic splitting). Conflux splits
- traffic across two circuits to Exits that support the protocol.
- These circuits are pre-built only, which means that if the pre-built
- conflux pool runs out, regular circuits will then be used.
-
- When using conflux circuit pairs, clients choose the lower-latency
- circuit to send data to the Exit. When the Exit sends data to the
- client, it maximizes throughput, by fully utilizing both circuits in a
- multiplexed fashion. Alternatively, clients can request that the Exit
- optimize for latency when transmitting to them, by setting the torrc
- option 'ConfluxClientUX latency'.
-
- Onion services are not currently supported, but will be in arti. Many
- other future optimizations will also be possible using this protocol.
- Closes ticket 40593.
+++ /dev/null
- o Minor bugfixes (pluggable transports, windows):
- - Remove a warning `BUG()` that could occur when attempting to execute a
- non-existing pluggable transport on Windows. Fixes bug 40596; bugfix on
- 0.4.0.1-alpha.
+++ /dev/null
- o Minor bugfixes (linux seccomp2 sandbox):
- - Allow the rseq system call in the sandbox. This solves a crash issue with
- glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug 40601; bugfix on
- 0.3.5.11.
+++ /dev/null
- o Major bugfixes (relay):
- - Remove OR connections btrack subsystem entries when the connections
- closes normally. Before this, we would only close it on error and thus
- leaking memory for each normal OR connections. Fixes bug 40604; bugfix
- on 0.4.0.1-alpha.
+++ /dev/null
- o Major bugfixes (relay):
- - Stop sending TRUNCATED cell and instead close the circuits which sends a
- DESTROY cell so every relay in the circuit path can stop queuing cells.
- Fixes bug 40623; bugfix on 0.1.0.2-rc.
+++ /dev/null
- o Major features (onion services):
- - Proof-of-work client puzzles for DoS mitigation, from proposal 327.
- Closes ticket 40634.
\ No newline at end of file
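Review bot: The ChangeLog entry that replaces this file adds two statements that are not in the text removed here: that the feature is disabled by default, and that it is controlled by torrc options prefixed with "HiddenServicePoW". Because operators will read the ChangeLog to decide whether this DoS defense is active on their service, the entry should name the option that enables it, or point to the man page section, instead of giving only the prefix.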
+++ /dev/null
- o Minor bugfixes (relay):
- - Remove a "BUG" warning for an acceptable race between a circuit close
- and considering that circuit active. Fixes bug 40647; bugfix on
- 0.3.5.1-alpha.
+++ /dev/null
- o Code simplification and refactoring (bridges):
- - Remove unused code related to ExtPort connection ID. Fixes bug 40648;
- bugfix on 0.3.5.1-alpha.
+++ /dev/null
- o Minor bugfixes (relay):
- - Do not propagate either forward or backward a DESTROY remote reason when
- closing a circuit so to avoid a possible side channel. Fixes bug 40649;
- bugfix on 0.1.2.4-alpha.
+++ /dev/null
- o Minor features (dirauth):
- - Add an AuthDirVoteGuard torrc option that can allow authorities to
- assign the Guard flag to the given fingerprints/country code/IPs. This
- is a needed feature mostly for defense purposes in case a DoS hits the
- network and relay start losing the Guard flags too fast.
- - Make UPTIME_TO_GUARANTEE_STABLE, MTBF_TO_GUARANTEE_STABLE,
- TIME_KNOWN_TO_GUARANTEE_FAMILIAR WFU_TO_GUARANTEE_GUARD tunable from
- torrc.
- - Add a torrc option to control the Guard flag bandwidth threshold
- percentile. Closes ticket 40652.
+++ /dev/null
- o Minor bugfixes (authorities, sandbox):
- - Allow to write file my-consensus-<flavor-name> to disk when sandbox is
- activated. Fixes bug 40663; bugfix on 0.3.5.1-alpha.
+++ /dev/null
- o Minor feature (authority):
- - Reject 0.4.6.x series at the authority level. Closes ticket 40664.
-
+++ /dev/null
- o Major bugfixes (relay):
- - Improve security of our DNS cache by randomly clipping the TTL value.
- TROVE-2021-009. Fixes bug 40674; bugfix on 0.3.5.1-alpha.
+++ /dev/null
- o Minor feature (relay, DoS):
- - Apply circuit creation anti-DoS defenses if the outbound circuit max cell
- queue size is reached too many times. This introduces two new consensus
- parameters to control the queue size limit and number of times allowed to
- go over that limit. Close ticket 40680.
-
+++ /dev/null
- o Minor feature (Mac and iOS build):
- - Change how combine_libs works on Darwin like platforms to
- make sure we don't include any `__.SYMDEF` and `__.SYMDEF SORTED`
- symbols on the archive before we repack and run ${RANLIB} on the
- archive. This fixes a build issue with recent Xcode versions on
- Mac Silicon and iOS. Closes ticket 40683.
+++ /dev/null
- o Directory authority changes (dizum):
- - Change dizum IP address. Closes ticket 40687.
+++ /dev/null
- o Directory authority changes (Faravahar):
- - Remove Faravahar until its operator, Sina, set it back up online outside
- of Team Cymru network. Closes ticket 40688.
+++ /dev/null
- o Minor features (relay):
- - Do not warn about configuration options that may expose a non-anonymous
- onion service. Closes ticket 40691.
+++ /dev/null
- o Minor bugfixes (onion service client):
- - A collapsing onion service circuit should be seen as an "unreachable"
- error so it can be retried. Fixes bug 40692; bugfix on 0.3.5.1-alpha.
+++ /dev/null
- o Major bugfixes (onion service):
- - Set a much higher circuit build timeout for opened client rendezvous
- circuit. Before this, tor would time them out very quickly leading to many
- unnecessary retries and thus more load on the network. Fixes bug 40694;
- bugfix on 0.3.5.1-alpha.
+++ /dev/null
- o Minor bugfixes (onion service):
- - Make the service retry a rendezvous if the circuit is being repurposed for
- measurements. Fixes bug 40696; bugfix on 0.3.5.1-alpha.
+++ /dev/null
- o Minor feature (performance):
- - Bump the maximum amount of CPU to use from 16 to 128. Note that NumCPUs
- torrc option overrides this hardcoded maximum. Fixes bug 40703; bugfix on
- 0.3.5.1-alpha.
+++ /dev/null
- o Minor feature (relay):
- - Two new consensus parameters are added to control the wait time in queue
- of the onionskins. One of them is the torrc MaxOnionQueueDelay options
- which supersedes the consensus parameter. Closes ticket 40704.
- - Change a hardcoded value for the maximum of per CPU tasks into a
- consensus parameter.
+++ /dev/null
- o Major features (dirauth):
- - Directory authorities and relays now interact properly with
- directory authorities if they change addresses. In the past, they
- would continue to upload votes, signatures, descriptors, etc to
- the hard-coded address in the configuration. Now, if the directory
- authority is listed in the consensus at a different address, they
- will direct queries to this new address. Implements ticket 40705.
+++ /dev/null
- o Minor feature (metrics):
- - Add various congestion control counters to the MetricsPort. Closes ticket
- 40708.
+++ /dev/null
- o Minor feature (cpuworker):
- - Always use the number of threads for our CPU worker pool to the number of
- core available but cap it to a minimum of 2 in case of a single core.
- Fixes bug 40713; bugfix on 0.3.5.1-alpha.
+++ /dev/null
- o Minor bugfixes (cpuworker, relay):
- - Fix an off by one overload calculation on the number of CPUs being used by
- our thread pool. Fixes bug 40719; bugfix on 0.3.5.1-alpha.
+++ /dev/null
- o Directory authority changes (moria1):
- - Rotate the relay identity key and v3 identity key for moria1. They
- have been online for more than a decade and refreshing keys
- periodically is good practice. Advertise new ports too, to avoid
- confusion. Closes ticket 40722.
+++ /dev/null
- o Minor feature (Congestion control metrics):
- - Add additional metricsport relay metrics for congestion control.
- Closes ticket 40724.
+++ /dev/null
- o Minor bugfixes (relay, metrics):
- - Fix typo in a congestion control label on the MetricsPort. Fixes bug
- 40727; bugfix on 0.4.7.12.
+++ /dev/null
- o Minor bugfixes (sandbox, authority):
- - With the sandbox enabled, allow to write "my-consensus-{ns|microdesc}" and
- to rename them as well. Fixes bug 40729; bugfix on 0.3.5.1-alpha.
+++ /dev/null
- o Major bugfixes (TROVE-2022-002, client):
- - The SafeSocks option had its logic inverted for SOCKS4 and SOCKS4a. It
- would let the unsafe SOCKS4 pass but not the safe SOCKS4a one. This is
- TROVE-2022-002 which was reported on Hackerone by "cojabo". Fixes bug
- 40730; bugfix on 0.3.5.1-alpha.
+++ /dev/null
- o Minor feature (lzma):
- - Fix compiler warnings for liblzma >= 5.3.1. Closes ticket 40741.
+++ /dev/null
- o Minor bugfix (relay, logging):
- - The wrong max queue cell size was used in a protocol warning logging
- statement. Fixes bug 40745; bugfix on 0.4.7.1-alpha.
+++ /dev/null
- o Minor features (directory authorities):
- - Directory authorities now include their AuthDirMaxServersPerAddr
- config option in the consensus parameter section of their vote. Now
- external tools can better predict how they will behave. Implements
- ticket 40753.
+++ /dev/null
- o Minor features (metrics):
- - Add service side metrics for REND and introduction request failures.
- Closes ticket 40755.
+++ /dev/null
- o Minor features (metrics):
- - Add support for histograms.
- Part of ticket 40757.
- o Minor features (hs, metrics):
- - Add tor_hs_rend_circ_build_time and tor_hs_intro_circ_build_time
- histograms to measure hidden service rend/intro circuit build time
- durations.
- Part of ticket 40757.
+++ /dev/null
- o Minor features (metrics):
- - Add a `reason` label to the HS error metrics.
- Closes ticket 40758.
+++ /dev/null
- o Minor feature (authority):
- - Reject 0.4.5.x series at the authority level. Closes ticket 40760.
-
+++ /dev/null
- o Minor feature (client, IPv6):
- - Make client able to pick IPv6 relays by default now meaning ClientUseIPv6
- option now defaults to 1. Closes ticket 40785.
-
+++ /dev/null
- o Minor feature (MetricsPort, relay, onion service):
- - Add metrics for the relay side onion service interactions counting
- seen cells. Closes ticket 40797. Patch by "friendly73".
-
+++ /dev/null
- o Minor bugfixes (sandbox):
- - Allow membarrier for the sandbox. And allow rt_sigprocmask when compiled
- with LTTng. Fixes bug 40799; bugfix on 0.3.5.1-alpha.
-
- o Minor feature (CI):
- - Update CI to use Debian Bullseye for runners.