./net/tor, Anonymizing overlay network for TCP

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.4.4.5nb1, Package name: tor-0.4.4.5nb1, Maintainer: pkgsrc-users

The simple version: Tor provides a distributed network of servers ("onion
routers"). Users bounce their TCP streams (web traffic, FTP, SSH, etc.) around
the routers. This makes it hard for recipients, observers, and even the onion
routers themselves to track the source of the stream.

The complex version: Onion Routing is a connection-oriented anonymizing
communication service. Users choose a source-routed path through a set of
nodes, and negotiate a "virtual circuit" through the network, in which each
node knows its predecessor and successor, but no others. Traffic flowing down
the circuit is unwrapped by a symmetric key at each node, which reveals the
downstream node.


Required to run:
[security/openssl] [devel/libevent] [archivers/zstd]

Required to build:
[textproc/asciidoc] [pkgtools/cwrappers]

Package options: doc

Master sites:

SHA1: f5a4ef9d51c9f9b7a9666a8c667162cc4ff562ec
RMD160: a39f09ed99df8572f19adf12df41fcf94f90d7e3
Filesize: 7625.68 KB

Version history: (Expand)


CVS history: (Expand)


   2020-09-19 20:22:01 by Leonardo Taccari | Files touched by this commit (2)
Log message:
tor: disable backtrace(3) support on netbsd-9 evbarm

backtrace(3) does not work on netbsd-9 ending up in a SIGSEGV and tor
process hanging forever (a simple way to reproduce without configuring
tor is just invoking tor via `tor --version').

Workaround for PR port-evbarm/55669.

PKGREVISION++
   2020-09-15 21:12:55 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor: update to 0.4.4.5.

Changes in version 0.4.4.5 - 2020-09-15
  Tor 0.4.4.5 is the first stable release in the 0.4.4.x series. This
  series improves our guard selection algorithms, adds v3 onion balance
  support, improves the amount of code that can be disabled when running
  without relay support, and includes numerous small bugfixes and
  enhancements. It also lays the ground for some IPv6 features that
  we'll be developing more in the next (0.4.5) series.

  Per our support policy, we support each stable release series for nine
  months after its first stable release, or three months after the first
  stable release of the next series: whichever is longer. This means
  that 0.4.4.x will be supported until around June 2021--or later, if
  0.4.5.x is later than anticipated.

  Note also that support for 0.4.2.x has just ended; support for 0.4.3
  will continue until Feb 15, 2021. We still plan to continue supporting
  0.3.5.x, our long-term stable series, until Feb 2022.

  o Major features (Proposal 310, performance + security):
    - Implements Proposal 310, "Bandaid on guard selection". Proposal
      310 solves load-balancing issues with older versions of the guard
      selection algorithm, and improves its security. Under this new
      algorithm, a newly selected guard never becomes Primary unless all
      previously sampled guards are unreachable. Implements
      recommendation from 32088. (Proposal 310 is linked to the CLAPS
      project researching optimal client location-aware path selections.
      This project is a collaboration between the UCLouvain Crypto Group,
      the U.S. Naval Research Laboratory, and Princeton University.)

  o Major features (fallback directory list):
    - Replace the 148 fallback directories originally included in Tor
      0.4.1.4-rc (of which around 105 are still functional) with a list
      of 144 fallbacks generated in July 2020. Closes ticket 40061.

  o Major features (IPv6, relay):
    - Consider IPv6-only EXTEND2 cells valid on relays. Log a protocol
      warning if the IPv4 or IPv6 address is an internal address, and
      internal addresses are not allowed. But continue to use the other
      address, if it is valid. Closes ticket 33817.
    - If a relay can extend over IPv4 and IPv6, and both addresses are
      provided, it chooses between them uniformly at random. Closes
      ticket 33817.
    - Re-use existing IPv6 connections for circuit extends. Closes
      ticket 33817.
    - Relays may extend circuits over IPv6, if the relay has an IPv6
      ORPort, and the client supplies the other relay's IPv6 ORPort in
      the EXTEND2 cell. IPv6 extends will be used by the relay IPv6
      ORPort self-tests in 33222. Closes ticket 33817.

  o Major features (v3 onion services):
    - Allow v3 onion services to act as OnionBalance backend instances,
      by using the HiddenServiceOnionBalanceInstance torrc option.
      Closes ticket 32709.

  o Major bugfixes (NSS):
    - When running with NSS enabled, make sure that NSS knows to expect
      nonblocking sockets. Previously, we set our TCP sockets as
      nonblocking, but did not tell NSS, which in turn could lead to
      unexpected blocking behavior. Fixes bug 40035; bugfix
      on 0.3.5.1-alpha.

  o Major bugfixes (onion services, DoS):
    - Correct handling of parameters for the onion service DoS defense.
      Previously, the consensus parameters for the onion service DoS
      defenses were overwriting the parameters set by the service
      operator using HiddenServiceEnableIntroDoSDefense. Fixes bug
      40109; bugfix on 0.4.2.1-alpha.

  o Major bugfixes (stats, onion services):
    - Fix a bug where we were undercounting the Tor network's total
      onion service traffic, by ignoring any traffic originating from
      clients. Now we count traffic from both clients and services.
      Fixes bug 40117; bugfix on 0.2.6.2-alpha.

  o Minor features (security):
    - Channels using obsolete versions of the Tor link protocol are no
      longer allowed to circumvent address-canonicity checks. (This is
      only a minor issue, since such channels have no way to set ed25519
      keys, and therefore should always be rejected for circuits that
      specify ed25519 identities.) Closes ticket 40081.

  o Minor features (bootstrap reporting):
    - Report more detailed reasons for bootstrap failure when the
      failure happens due to a TLS error. Previously we would just call
      these errors "MISC" when they happened during read, and \ 
"DONE"
      when they happened during any other TLS operation. Closes
      ticket 32622.

  o Minor features (client-only compilation):
    - Disable more code related to the ext_orport protocol when
      compiling without support for relay mode. Closes ticket 33368.
    - Disable more of our self-testing code when support for relay mode
      is disabled. Closes ticket 33370.
    - Most server-side DNS code is now disabled when building without
      support for relay mode. Closes ticket 33366.

  o Minor features (code safety):
    - Check for failures of tor_inet_ntop() and tor_inet_ntoa()
      functions in DNS and IP address processing code, and adjust
      codepaths to make them less likely to crash entire Tor instances.
      Resolves issue 33788.

  o Minor features (continuous integration):
    - Run unit-test and integration test (Stem, Chutney) jobs with
      ALL_BUGS_ARE_FATAL macro being enabled on Travis and Appveyor.
      Resolves ticket 32143.

  o Minor features (control port):
    - If a ClientName was specified in ONION_CLIENT_AUTH_ADD for an
      onion service, display it when we use ONION_CLIENT_AUTH_VIEW.
      Closes ticket 40089. Patch by Neel Chauhan.
    - Return a descriptive error message from the 'GETINFO status/fresh-
      relay-descs' command on the control port. Previously, we returned
      a generic error of "Error generating descriptor". Closes ticket
      32873. Patch by Neel Chauhan.

  o Minor features (defense in depth):
    - Wipe more data from connection address fields before returning
      them to the memory heap. Closes ticket 6198.

  o Minor features (denial-of-service memory limiter):
    - Allow the user to configure even lower values for the
      MaxMemInQueues parameter. Relays now enforce a minimum of 64 MB,
      when previously the minimum was 256 MB. On clients, there is no
      minimum. Relays and clients will both warn if the value is set so
      low that Tor is likely to stop working. Closes ticket 24308.

  o Minor features (developer tooling):
    - Add a script to help check the alphabetical ordering of option
      names in the manual page. Closes ticket 33339.
    - Refrain from listing all .a files that are generated by the Tor
      build in .gitignore. Add a single wildcard *.a entry that covers
      all of them for present and future. Closes ticket 33642.
    - Add a script ("git-install-tools.sh") to install git hooks and
      helper scripts. Closes ticket 33451.

  o Minor features (directory authority):
    - Authorities now recommend the protocol versions that are supported
      by Tor 0.3.5 and later. (Earlier versions of Tor have been
      deprecated since January of this year.) This recommendation will
      cause older clients and relays to give a warning on startup, or
      when they download a consensus directory. Closes ticket 32696.

  o Minor features (directory authority, shared random):
    - Refactor more authority-only parts of the shared-random scheduling
      code to reside in the dirauth module, and to be disabled when
      compiling with --disable-module-dirauth. Closes ticket 33436.

  o Minor features (directory):
    - Remember the number of bytes we have downloaded for each directory
      purpose while bootstrapping, and while fully bootstrapped. Log
      this information as part of the heartbeat message. Closes
      ticket 32720.

  o Minor features (entry guards):
    - Reinstate support for GUARD NEW/UP/DOWN control port events.
      Closes ticket 40001.

  o Minor features (IPv6 support):
    - Adds IPv6 support to tor_addr_is_valid(). Adds tests for the above
      changes and tor_addr_is_null(). Closes ticket 33679. Patch
      by MrSquanchee.
    - Allow clients and relays to send dual-stack and IPv6-only EXTEND2
      cells. Parse dual-stack and IPv6-only EXTEND2 cells on relays.
      Closes ticket 33901.

  o Minor features (linux seccomp2 sandbox, portability):
    - Allow Tor to build on platforms where it doesn't know how to
      report which syscall caused the linux seccomp2 sandbox to fail.
      This change should make the sandbox code more portable to less
      common Linux architectures. Closes ticket 34382.
    - Permit the unlinkat() syscall, which some Libc implementations use
      to implement unlink(). Closes ticket 33346.

  o Minor features (logging):
    - When trying to find our own address, add debug-level logging to
      report the sources of candidate addresses. Closes ticket 32888.

  o Minor features (onion service client, SOCKS5):
    - Add 3 new SocksPort ExtendedErrors (F2, F3, F7) that reports back
      new type of onion service connection failures. The semantics of
      these error codes are documented in proposal 309. Closes
      ticket 32542.

  o Minor features (onion service v3):
    - If a service cannot upload its descriptor(s), log why at INFO
      level. Closes ticket 33400; bugfix on 0.3.2.1-alpha.

  o Minor features (python scripts):
    - Stop assuming that /usr/bin/python exists. Instead of using a
      hardcoded path in scripts that still use Python 2, use
      /usr/bin/env, similarly to the scripts that use Python 3. Fixes
      bug 33192; bugfix on 0.4.2.

  o Minor features (testing, architecture):
    - Our test scripts now double-check that subsystem initialization
      order is consistent with the inter-module dependencies established
      by our .may_include files. Implements ticket 31634.
    - Initialize all subsystems at the beginning of our unit test
      harness, to avoid crashes due to uninitialized subsystems. Follow-
      up from ticket 33316.
    - Our "make check" target now runs the unit tests in 8 parallel
      chunks. Doing this speeds up hardened CI builds by more than a
      factor of two. Closes ticket 40098.

  o Minor features (v3 onion services):
    - Add v3 onion service status to the dumpstats() call which is
      triggered by a SIGUSR1 signal. Previously, we only did v2 onion
      services. Closes ticket 24844. Patch by Neel Chauhan.

  o Minor features (windows):
    - Add support for console control signals like Ctrl+C in Windows.
      Closes ticket 34211. Patch from Damon Harris (TheDcoder).

  o Minor bugfixes (control port, onion service):
    - Consistently use 'address' in "Invalid v3 address" response to
      ONION_CLIENT_AUTH commands. Previously, we would sometimes say
      'addr'. Fixes bug 40005; bugfix on 0.4.3.1-alpha.

  o Minor bugfixes (correctness, buffers):
    - Fix a correctness bug that could cause an assertion failure if we
      ever tried using the buf_move_all() function with an empty input
      buffer. As far as we know, no released versions of Tor do this.
      Fixes bug 40076; bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (directory authorities):
    - Directory authorities now reject votes that arrive too late. In
      particular, once an authority has started fetching missing votes,
      it no longer accepts new votes posted by other authorities. This
      change helps prevent a consensus split, where only some authorities
      have the late vote. Fixes bug 4631; bugfix on 0.2.0.5-alpha.

  o Minor bugfixes (git scripts):
    - Stop executing the checked-out pre-commit hook from the pre-push
      hook. Instead, execute the copy in the user's git directory. Fixes
      bug 33284; bugfix on 0.4.1.1-alpha.

  o Minor bugfixes (initialization):
    - Initialize the subsystems in our code in an order more closely
      corresponding to their dependencies, so that every system is
      initialized before the ones that (theoretically) depend on it.
      Fixes bug 33316; bugfix on 0.4.0.1-alpha.

  o Minor bugfixes (IPv4, relay):
    - Check for invalid zero IPv4 addresses and ports when sending and
      receiving extend cells. Fixes bug 33900; bugfix on 0.2.4.8-alpha.

  o Minor bugfixes (IPv6, relay):
    - Consider IPv6 addresses when checking if a connection is
      canonical. In 17604, relays assumed that a remote relay could
      consider an IPv6 connection canonical, but did not set the
      canonical flag on their side of the connection. Fixes bug 33899;
      bugfix on 0.3.1.1-alpha.
    - Log IPv6 addresses on connections where this relay is the
      responder. Previously, responding relays would replace the remote
      IPv6 address with the IPv4 address from the consensus. Fixes bug
      33899; bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (linux seccomp2 sandbox):
    - Fix a regression on sandboxing rules for the openat() syscall. The
      fix for bug 25440 fixed the problem on systems with glibc >= 2.27
      but broke with versions of glibc. We now choose a rule based on
      the glibc version. Patch from Daniel Pinto. Fixes bug 27315;
      bugfix on 0.3.5.11.
    - Makes the seccomp sandbox allow the correct syscall for opendir
      according to the running glibc version. This fixes crashes when
      reloading torrc with sandbox enabled when running on glibc 2.15 to
      2.21 and 2.26. Patch from Daniel Pinto. Fixes bug 40020; bugfix
      on 0.3.5.11.

  o Minor bugfixes (logging, testing):
    - Make all of tor's assertion macros support the ALL_BUGS_ARE_FATAL
      and DISABLE_ASSERTS_IN_UNIT_TESTS debugging modes. (IF_BUG_ONCE()
      used to log a non-fatal warning, regardless of the debugging
      mode.) Fixes bug 33917; bugfix on 0.2.9.1-alpha.
    - Remove surprising empty line in the INFO-level log about circuit
      build timeout. Fixes bug 33531; bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (mainloop):
    - Better guard against growing a buffer past its maximum 2GB in
      size. Fixes bug 33131; bugfix on 0.3.0.4-rc.

  o Minor bugfixes (onion service v3 client):
    - Remove a BUG() warning that could occur naturally. Fixes bug
      34087; bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (onion service, logging):
    - Fix a typo in a log message PublishHidServDescriptors is set to 0.
      Fixes bug 33779; bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (onion services v3):
    - Avoid a non-fatal assertion failure in certain edge-cases when
      opening an intro circuit as a client. Fixes bug 34084; bugfix
      on 0.3.2.1-alpha.

  o Minor bugfixes (protocol versions):
    - Sort tor's supported protocol version lists, as recommended by the
      tor directory specification. Fixes bug 33285; bugfix
      on 0.4.0.1-alpha.

  o Minor bugfixes (rate limiting, bridges, pluggable transports):
    - On a bridge, treat all connections from an ExtORPort as remote by
      default for the purposes of rate-limiting. Previously, bridges
      would treat the connection as local unless they explicitly
      received a "USERADDR" command. ExtORPort connections still count
      as local if there is a USERADDR command with an explicit local
      address. Fixes bug 33747; bugfix on 0.2.5.1-alpha.

  o Minor bugfixes (refactoring):
    - Lift circuit_build_times_disabled() out of the
      circuit_expire_building() loop, to save CPU time when there are
      many circuits open. Fixes bug 33977; bugfix on 0.3.5.9.

  o Minor bugfixes (relay, self-testing):
    - When starting up as a relay, if we haven't been able to verify
      that we're reachable, only launch reachability tests at most once
      a minute. Previously, we had been launching tests up to once a
      second, which was needlessly noisy. Fixes bug 40083; bugfix
      on 0.2.8.1-alpha.

  o Minor bugfixes (relay, usability):
    - Adjust the rules for when to warn about having too many
      connections to other relays. Previously we'd tolerate up to 1.5
      connections per relay on average. Now we tolerate more connections
      for directory authorities, and raise the number of total
      connections we need to see before we warn. Fixes bug 33880; bugfix
      on 0.3.1.1-alpha.

  o Minor bugfixes (SOCKS, onion service client):
    - Detect v3 onion service addresses of the wrong length when
      returning the F6 ExtendedErrors code. Fixes bug 33873; bugfix
      on 0.4.3.1-alpha.

  o Minor bugfixes (tests):
    - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run
      on its own. Previously, it would exit with an error. Fixes bug
      40099; bugfix on 0.2.8.1-alpha.

  o Minor bugfixes (v3 onion services):
    - Remove a BUG() warning that could trigger in certain unlikely
      edge-cases. Fixes bug 34086; bugfix on 0.3.2.1-alpha.
    - Remove a BUG() that was causing a stacktrace when a descriptor
      changed at an unexpected time. Fixes bug 28992; bugfix
      on 0.3.2.1-alpha.

  o Minor bugfixes (windows):
    - Fix a bug that prevented Tor from starting if its log file grew
      above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha.

  o Code simplification and refactoring:
    - Define and use a new constant TOR_ADDRPORT_BUF_LEN which is like
      TOR_ADDR_BUF_LEN but includes enough space for an IP address,
      brackets, separating colon, and port number. Closes ticket 33956.
      Patch by Neel Chauhan.
    - Merge the orconn and ocirc events into the "core" subsystem, which
      manages or connections and origin circuits. Previously they were
      isolated in subsystems of their own.
    - Move LOG_PROTOCOL_WARN to app/config. Resolves a dependency
      inversion. Closes ticket 33633.
    - Move the circuit extend code to the relay module. Split the
      circuit extend function into smaller functions. Closes
      ticket 33633.
    - Rewrite port_parse_config() to use the default port flags from
      port_cfg_new(). Closes ticket 32994. Patch by MrSquanchee.
    - Updated comments in 'scheduler.c' to reflect old code changes, and
      simplified the scheduler channel state change code. Closes
      ticket 33349.
    - Refactor configuration parsing to use the new config subsystem
      code. Closes ticket 33014.
    - Move a series of functions related to address resolving into their
      own files. Closes ticket 33789.

  o Documentation:
    - Replace most http:// URLs in our code and documentation with
      https:// URLs. (We have left unchanged the code in src/ext/, and
      the text in LICENSE.) Closes ticket 31812. Patch from Jeremy Rand.
    - Document the limitations of using %include on config files with
      seccomp sandbox enabled. Fixes documentation bug 34133; bugfix on
      0.3.1.1-alpha. Patch by Daniel Pinto.

  o Removed features:
    - Our "check-local" test target no longer tries to use the
      Coccinelle semantic patching tool parse all the C files. While it
      is a good idea to try to make sure Coccinelle works on our C
      before we run a Coccinelle patch, doing so on every test run has
      proven to be disruptive. You can still run this tool manually with
      "make check-cocci". Closes ticket 40030.
    - Remove the ClientAutoIPv6ORPort option. This option attempted to
      randomly choose between IPv4 and IPv6 for client connections, and
      wasn't a true implementation of Happy Eyeballs. Often, this option
      failed on IPv4-only or IPv6-only connections. Closes ticket 32905.
      Patch by Neel Chauhan.
    - Stop shipping contrib/dist/rc.subr file, as it is not being used
      on FreeBSD anymore. Closes issue 31576.

  o Testing:
    - Add a basic IPv6 test to "make test-network". This test only runs
      when the local machine has an IPv6 stack. Closes ticket 33300.
    - Add test-network-ipv4 and test-network-ipv6 jobs to the Makefile.
      These jobs run the IPv4-only and dual-stack chutney flavours from
      test-network-all. Closes ticket 33280.
    - Remove a redundant distcheck job. Closes ticket 33194.
    - Run the test-network-ipv6 Makefile target in the Travis CI IPv6
      chutney job. This job runs on macOS, so it's a bit slow. Closes
      ticket 33303.
    - Sort the Travis jobs in order of speed. Putting the slowest jobs
      first takes full advantage of Travis job concurrency. Closes
      ticket 33194.
    - Stop allowing the Chutney IPv6 Travis job to fail. This job was
      previously configured to fast_finish (which requires
      allow_failure), to speed up the build. Closes ticket 33195.
    - Test v3 onion services to tor's mixed IPv4 chutney network. And
      add a mixed IPv6 chutney network. These networks are used in the
      test-network-all, test-network-ipv4, and test-network-ipv6 make
      targets. Closes ticket 33334.
    - Use the "bridges+hs-v23" chutney network flavour in "make test-
      network". This test requires a recent version of chutney (mid-
      February 2020). Closes ticket 28208.
    - When a Travis chutney job fails, use chutney's new "diagnostics.sh"
      tool to produce detailed diagnostic output. Closes ticket 32792.

  o Deprecated features (onion service v2):
    - Add a deprecation warning for version 2 onion services. Closes
      ticket 40003.

  o Documentation (manual page):
    - Add cross reference links and a table of contents to the HTML tor
      manual page. Closes ticket 33369. Work by Swati Thacker as part of
      Google Season of Docs.
    - Alphabetize the Denial of Service Mitigation Options, Directory
      Authority Server Options, Hidden Service Options, and Testing
      Network Options sections of the tor(1) manual page. Closes ticket
      33275. Work by Swati Thacker as part of Google Season of Docs.
    - Refrain from mentioning nicknames in manpage section for MyFamily
      torrc option. Resolves issue 33417.
    - Updated the options set by TestingTorNetwork in the manual page.
      Closes ticket 33778.
   2020-08-31 20:13:29 by Thomas Klausner | Files touched by this commit (3631) | Package updated
Log message:
*: bump PKGREVISION for perl-5.32.
   2020-07-09 20:08:43 by Leonardo Taccari | Files touched by this commit (3) | Package updated
Log message:
tor: Update to 0.4.3.6

pkgsrc changes:
 - Remove patch-configure: applied upstream

Changes:
Changes in version 0.4.3.6 - 2020-07-09
  Tor 0.4.3.6 backports several bugfixes from later releases, including
  some affecting usability.

  This release also fixes TROVE-2020-001, a medium-severity denial of
  service vulnerability affecting all versions of Tor when compiled with
  the NSS encryption library. (This is not the default configuration.)
  Using this vulnerability, an attacker could cause an affected Tor
  instance to crash remotely. This issue is also tracked as CVE-2020-
  15572. Anybody running a version of Tor built with the NSS library
  should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha
  or later.

  o Major bugfixes (NSS, security, backport from 0.4.4.2-alpha):
    - Fix a crash due to an out-of-bound memory access when Tor is
      compiled with NSS support. Fixes bug 33119; bugfix on
      0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001
      and CVE-2020-15572.

  o Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha):
    - Use the correct 64-bit printf format when compiling with MINGW on
      Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.

  o Minor bugfixes (client performance, backport from 0.4.4.1-alpha):
    - Resume use of preemptively-built circuits when UseEntryGuards is set
      to 0. We accidentally disabled this feature with that config
      setting, leading to slower load times. Fixes bug 34303; bugfix
      on 0.3.3.2-alpha.

  o Minor bugfixes (compiler warnings, backport from 0.4.4.2-alpha):
    - Fix a compiler warning on platforms with 32-bit time_t values.
      Fixes bug 40028; bugfix on 0.3.2.8-rc.

  o Minor bugfixes (linux seccomp sandbox, nss, backport from 0.4.4.1-alpha):
    - Fix a startup crash when tor is compiled with --enable-nss and
      sandbox support is enabled. Fixes bug 34130; bugfix on
      0.3.5.1-alpha. Patch by Daniel Pinto.

  o Minor bugfixes (logging, backport from 0.4.4.2-alpha):
    - Downgrade a noisy log message that could occur naturally when
      receiving an extrainfo document that we no longer want. Fixes bug
      16016; bugfix on 0.2.6.3-alpha.

  o Minor bugfixes (manual page, backport from 0.4.4.1-alpha):
    - Update the man page to reflect that MinUptimeHidServDirectoryV2
      defaults to 96 hours. Fixes bug 34299; bugfix on 0.2.6.3-alpha.

  o Minor bugfixes (onion service v3, backport from 0.4.4.1-alpha):
    - Prevent an assert() that would occur when cleaning the client
      descriptor cache, and attempting to close circuits for a non-
      decrypted descriptor (lacking client authorization). Fixes bug
      33458; bugfix on 0.4.2.1-alpha.

  o Minor bugfixes (portability, backport from 0.4.4.1-alpha):
    - Fix a portability error in the configure script, where we were
      using "==" instead of "=". Fixes bug 34233; bugfix on \ 
0.4.3.5.

  o Minor bugfixes (relays, backport from 0.4.4.1-alpha):
    - Stop advertising incorrect IPv6 ORPorts in relay and bridge
      descriptors, when the IPv6 port was configured as "auto". Fixes
      bug 32588; bugfix on 0.2.3.9-alpha.

  o Documentation (backport from 0.4.4.1-alpha):
    - Fix several doxygen warnings related to imbalanced groups. Closes
      ticket 34255.
   2020-06-14 17:33:29 by Nia Alarie | Files touched by this commit (17)
Log message:
Rename rust-bin's PKGNAME to rust-bin. Add rust.mk for rust packages.

This allows rust-bin and rust to coexist in bulk builds (for testing, etc),
but the packages still may not be installed at the same time.

rust.mk as a solution for picking the correct rust variant was suggested
by gdt@. It is intended to be included directly by packages that do not
use cargo.mk, and indirectly by packages that do use cargo.mk.

rust.mk provides one user-settable variable:

RUST_TYPE
	as before, whether to bootstrap rust from source or use
	official binaries. may be "src" or "bin"

And two package-settable variables:

RUST_REQ
	the minimum version of Rust required by the package.
	defaults to "1.20.0"

RUST_RUNTIME
	whether Rust is a runtime dependency, may be "yes" or "no"
   2020-05-15 18:39:35 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
tor: update to 0.4.3.5.

Changes in version 0.4.3.5 - 2020-05-15
  Tor 0.4.3.5 is the first stable release in the 0.4.3.x series. This
  series adds support for building without relay code enabled, and
  implements functionality needed for OnionBalance with v3 onion
  services. It includes significant refactoring of our configuration and
  controller functionality, and fixes numerous smaller bugs and
  performance issues.

  Per our support policy, we support each stable release series for nine
  months after its first stable release, or three months after the first
  stable release of the next series: whichever is longer. This means
  that 0.4.3.x will be supported until around February 2021--later, if
  0.4.4.x is later than anticipated.

  Note also that support for 0.4.1.x is about to end on May 20 of this
  year; 0.4.2.x will be supported until September 15. We still plan to
  continue supporting 0.3.5.x, our long-term stable series, until
  Feb 2022.

  Below are the changes since 0.4.2.6. For a list of only the changes
  since 0.4.3.4-rc, see the ChangeLog file.

  o New system requirements:
    - When building Tor, you now need to have Python 3 in order to run
      the integration tests. (Python 2 is officially unsupported
      upstream, as of 1 Jan 2020.) Closes ticket 32608.

  o Major features (build system):
    - The relay code can now be disabled using the --disable-module-relay
      configure option. When this option is set, we also disable the
      dirauth module. Closes ticket 32123.
    - When Tor is compiled --disable-module-relay, we also omit the code
      used to act as a directory cache. Closes ticket 32487.

  o Major features (directory authority, ed25519):
    - Add support for banning a relay's ed25519 keys in the approved-
      routers file. This will help us migrate away from RSA keys in the
      future. Previously, only RSA keys could be banned in approved-
      routers. Resolves ticket 22029. Patch by Neel Chauhan.

  o Major features (onion services):
    - New control port commands to manage client-side onion service
      authorization credentials. The ONION_CLIENT_AUTH_ADD command adds
      a credential, ONION_CLIENT_AUTH_REMOVE deletes a credential, and
      ONION_CLIENT_AUTH_VIEW lists the credentials. Closes ticket 30381.
    - Introduce a new SocksPort flag, ExtendedErrors, to support more
      detailed error codes in information for applications that support
      them. Closes ticket 30382; implements proposal 304.

  o Major features (proxy):
    - In addition to its current supported proxy types (HTTP CONNECT,
      SOCKS4, and SOCKS5), Tor can now make its OR connections through a
      HAProxy server. A new torrc option was added to specify the
      address/port of the server: TCPProxy <protocol> \ 
<host>:<port>.
      Currently the only supported protocol for the option is haproxy.
      Closes ticket 31518. Patch done by Suphanat Chunhapanya (haxxpop).

  o Major bugfixes (security, denial-of-service):
    - Fix a denial-of-service bug that could be used by anyone to
      consume a bunch of CPU on any Tor relay or authority, or by
      directories to consume a bunch of CPU on clients or hidden
      services. Because of the potential for CPU consumption to
      introduce observable timing patterns, we are treating this as a
      high-severity security issue. Fixes bug 33119; bugfix on
      0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
      as TROVE-2020-002 and CVE-2020-10592.

  o Major bugfixes (circuit padding, memory leak):
    - Avoid a remotely triggered memory leak in the case that a circuit
      padding machine is somehow negotiated twice on the same circuit.
      Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
      This is also tracked as TROVE-2020-004 and CVE-2020-10593.

  o Major bugfixes (directory authority):
    - Directory authorities will now send a 503 (not enough bandwidth)
      code to clients when under bandwidth pressure. Known relays and
      other authorities will always be answered regardless of the
      bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.

  o Major bugfixes (DoS defenses, bridges, pluggable transport):
    - Fix a bug that was preventing DoS defenses from running on bridges
      with a pluggable transport. Previously, the DoS subsystem was not
      given the transport name of the client connection, thus failed to
      find the GeoIP cache entry for that client address. Fixes bug
      33491; bugfix on 0.3.3.2-alpha.

  o Major bugfixes (networking):
    - Correctly handle IPv6 addresses in SOCKS5 RESOLVE_PTR requests,
      and accept strings as well as binary addresses. Fixes bug 32315;
      bugfix on 0.3.5.1-alpha.

  o Major bugfixes (onion service):
    - Report HS circuit failure back into the HS subsystem so we take
      appropriate action with regards to the client introduction point
      failure cache. This improves reachability of onion services, since
      now clients notice failing introduction circuits properly. Fixes
      bug 32020; bugfix on 0.3.2.1-alpha.

  o Minor feature (heartbeat, onion service):
    - Add the DoS INTRODUCE2 defenses counter to the heartbeat DoS
      message. Closes ticket 31371.

  o Minor feature (sendme, flow control):
    - Default to sending SENDME version 1 cells. (Clients are already
      sending these, because of a consensus parameter telling them to do
      so: this change only affects what clients would do if the
      consensus didn't contain a recommendation.) Closes ticket 33623.

  o Minor features (best practices tracker):
    - Practracker now supports a --regen-overbroad option to regenerate
      the exceptions file, but only to revise exceptions to be _less_
      tolerant of best-practices violations. Closes ticket 32372.

  o Minor features (configuration validation):
    - Configuration validation can now be done by per-module callbacks,
      rather than a global validation function. This will let us reduce
      the size of config.c and some of its more cumbersome functions.
      Closes ticket 31241.

  o Minor features (configuration):
    - If a configured hardware crypto accelerator in AccelName is
      prefixed with "!", Tor now exits when it cannot be found. Closes
      ticket 32406.
    - We now use flag-driven logic to warn about obsolete configuration
      fields, so that we can include their names. In 0.4.2, we used a
      special type, which prevented us from generating good warnings.
      Implements ticket 32404.

  o Minor features (configure, build system):
    - Output a list of enabled/disabled features at the end of the
      configure process in a pleasing way. Closes ticket 31373.

  o Minor features (continuous integration):
    - Run Doxygen Makefile target on Travis, so we can learn about
      regressions in our internal documentation. Closes ticket 32455.
    - Stop allowing failures on the Travis CI stem tests job. It looks
      like all the stem hangs we were seeing before are now fixed.
      Closes ticket 33075.

  o Minor features (controller):
    - Add stream isolation data to STREAM event. Closes ticket 19859.
    - Implement a new GETINFO command to fetch microdescriptor
      consensus. Closes ticket 31684.

  o Minor features (debugging, directory system):
    - Don't crash when we find a non-guard with a guard-fraction value
      set. Instead, log a bug warning, in an attempt to figure out how
      this happened. Diagnostic for ticket 32868.

  o Minor features (defense in depth):
    - Add additional checks around tor_vasprintf() usage, in case the
      function returns an error. Patch by Tobias Stoeckmann. Fixes
      ticket 31147.

  o Minor features (developer tools):
    - Remove the 0.2.9.x series branches from git scripts (git-merge-
      forward.sh, git-pull-all.sh, git-push-all.sh, git-setup-dirs.sh).
      Closes ticket 32772.
    - Add a check_cocci_parse.sh script that checks that new code is
      parseable by Coccinelle. Add an exceptions file for unparseable
      files, and run the script from travis CI. Closes ticket 31919.
    - Call the check_cocci_parse.sh script from a 'check-cocci' Makefile
      target. Closes ticket 31919.
    - Add a rename_c_identifiers.py tool to rename a bunch of C
      identifiers at once, and generate a well-formed commit message
      describing the change. This should help with refactoring. Closes
      ticket 32237.
    - Add some scripts in "scripts/coccinelle" to invoke the Coccinelle
      semantic patching tool with the correct flags. These flags are
      fairly easy to forget, and these scripts should help us use
      Coccinelle more effectively in the future. Closes ticket 31705.

  o Minor features (diagnostic):
    - Improve assertions and add some memory-poisoning code to try to
      track down possible causes of a rare crash (32564) in the EWMA
      code. Closes ticket 33290.

  o Minor features (directory authorities):
    - Directory authorities now reject descriptors from relays running
      Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is
      still allowed. Resolves ticket 32672. Patch by Neel Chauhan.

  o Minor features (Doxygen):
    - Update Doxygen configuration file to a more recent template (from
      1.8.15). Closes ticket 32110.
    - "make doxygen" now works with out-of-tree builds. Closes
      ticket 32113.
    - Make sure that doxygen outputs documentation for all of our C
      files. Previously, some were missing @file declarations, causing
      them to be ignored. Closes ticket 32307.
    - Our "make doxygen" target now respects --enable-fatal-warnings by
      default, and does not warn about items that are missing
      documentation. To warn about missing documentation, run configure
      with the "--enable-missing-doc-warnings" flag: doing so suspends
      fatal warnings for doxygen. Closes ticket 32385.

  o Minor features (git scripts):
    - Add TOR_EXTRA_CLONE_ARGS to git-setup-dirs.sh for git clone
      customisation. Closes ticket 32347.
    - Add git-setup-dirs.sh, which sets up an upstream git repository
      and worktrees for tor maintainers. Closes ticket 29603.
    - Add TOR_EXTRA_REMOTE_* to git-setup-dirs.sh for a custom extra
      remote. Closes ticket 32347.
    - Call the check_cocci_parse.sh script from the git commit and push
      hooks. Closes ticket 31919.
    - Make git-push-all.sh skip unchanged branches when pushing to
      upstream. The script already skipped unchanged test branches.
      Closes ticket 32216.
    - Make git-setup-dirs.sh create a master symlink in the worktree
      directory. Closes ticket 32347.
    - Skip unmodified source files when doing some existing git hook
      checks. Related to ticket 31919.

  o Minor features (IPv6, client):
    - Make Tor clients tell dual-stack exits that they prefer IPv6
      connections. This change is equivalent to setting the PreferIPv6
      flag on SOCKSPorts (and most other listener ports). Tor Browser
      has been setting this flag for some time, and we want to remove a
      client distinguisher at exits. Closes ticket 32637.

  o Minor features (portability, android):
    - When building for Android, disable some tests that depend on $HOME
      and/or pwdb, which Android doesn't have. Closes ticket 32825.
      Patch from Hans-Christoph Steiner.

  o Minor features (relay modularity):
    - Split the relay and server pluggable transport config code into
      separate files in the relay module. Disable this code when the
      relay module is disabled. Closes part of ticket 32213.
    - When the relay module is disabled, reject attempts to set the
      ORPort, DirPort, DirCache, BridgeRelay, ExtORPort, or
      ServerTransport* options, rather than ignoring the values of these
      options. Closes part of ticket 32213.
    - When the relay module is disabled, change the default config so
      that DirCache is 0, and ClientOnly is 1. Closes ticket 32410.

  o Minor features (release tools):
    - Port our ChangeLog formatting and sorting tools to Python 3.
      Closes ticket 32704.

  o Minor features (testing):
    - The unit tests now support a "TOR_SKIP_TESTCASES" environment
      variable to specify a list of space-separated test cases that
      should not be executed. We will use this to disable certain tests
      that are failing on Appveyor because of mismatched OpenSSL
      libraries. Part of ticket 33643.
    - Detect some common failure cases for test_parseconf.sh in
      src/test/conf_failures. Closes ticket 32451.
    - Allow test_parseconf.sh to test expected log outputs for successful
      configs, as well as failed configs. Closes ticket 32451.
    - The test_parseconf.sh script now supports result variants for any
      combination of the optional libraries lzma, nss, and zstd. Closes
      ticket 32397.
    - When running the unit tests on Android, create temporary files in
      a subdirectory of /data/local/tmp. Closes ticket 32172. Based on a
      patch from Hans-Christoph Steiner.

  o Minor features (usability):
    - Include more information when failing to parse a configuration
      value. This should make it easier to tell what's going wrong when
      a configuration file doesn't parse. Closes ticket 33460.

  o Minor bugfix (relay, configuration):
    - Warn if the ContactInfo field is not set, and tell the relay
      operator that not having a ContactInfo field set might cause their
      relay to get rejected in the future. Fixes bug 33361; bugfix
      on 0.1.1.10-alpha.

  o Minor bugfixes (bridges):
    - Lowercase the configured value of BridgeDistribution before adding
      it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.

  o Minor bugfixes (build system):
    - Fix "make autostyle" for out-of-tree builds. Fixes bug 32370;
      bugfix on 0.4.1.2-alpha.

  o Minor bugfixes (compiler compatibility):
    - Avoid compiler warnings from Clang 10 related to the use of GCC-
      style "/* falls through */" comments. Both Clang and GCC allow
      __attribute__((fallthrough)) instead, so that's what we're using
      now. Fixes bug 34078; bugfix on 0.3.1.3-alpha.
    - Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix
      on 0.4.0.3-alpha.

  o Minor bugfixes (configuration handling):
    - Make control_event_conf_changed() take in a config_line_t instead
      of a smartlist of alternating key/value entries. Fixes bug 31531;
      bugfix on 0.2.3.3-alpha. Patch by Neel Chauhan.
    - Check for multiplication overflow when parsing memory units inside
      configuration. Fixes bug 30920; bugfix on 0.0.9rc1.
    - When dumping the configuration, stop adding a trailing space after
      the option name when there is no option value. This issue only
      affects options that accept an empty value or list. (Most options
      reject empty values, or delete the entire line from the dumped
      options.) Fixes bug 32352; bugfix on 0.0.9pre6.
    - Avoid changing the user's value of HardwareAccel as stored by
      SAVECONF, when AccelName is set but HardwareAccel is not. Fixes
      bug 32382; bugfix on 0.2.2.1-alpha.
    - When creating a KeyDirectory with the same location as the
      DataDirectory (not recommended), respect the DataDirectory's
      group-readable setting if one has not been set for the
      KeyDirectory. Fixes bug 27992; bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (continuous integration):
    - Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix
      on 0.3.2.2-alpha.

  o Minor bugfixes (controller protocol):
    - When receiving "ACTIVE" or "DORMANT" signals on the \ 
control port,
      report them as SIGNAL events. Previously we would log a bug
      warning. Fixes bug 33104; bugfix on 0.4.0.1-alpha.

  o Minor bugfixes (controller):
    - In routerstatus_has_changed(), check all the fields that are
      output over the control port. Fixes bug 20218; bugfix
      on 0.1.1.11-alpha.

  o Minor bugfixes (developer tools):
    - Allow paths starting with ./ in scripts/add_c_file.py. Fixes bug
      31336; bugfix on 0.4.1.2-alpha.

  o Minor bugfixes (dirauth module):
    - Split the dirauth config code into a separate file in the dirauth
      module. Disable this code when the dirauth module is disabled.
      Closes ticket 32213.
    - When the dirauth module is disabled, reject attempts to set the
      AuthoritativeDir option, rather than ignoring the value of the
      option. Fixes bug 32213; bugfix on 0.3.4.1-alpha.

  o Minor bugfixes (embedded Tor):
    - When starting Tor any time after the first time in a process,
      register the thread in which it is running as the main thread.
      Previously, we only did this on Windows, which could lead to bugs
      like 23081 on non-Windows platforms. Fixes bug 32884; bugfix
      on 0.3.3.1-alpha.

  o Minor bugfixes (git scripts):
    - Avoid sleeping before the last push in git-push-all.sh. Closes
      ticket 32216.
    - Forward all unrecognised arguments in git-push-all.sh to git push.
      Closes ticket 32216.

  o Minor bugfixes (key portability):
    - When reading PEM-encoded key data, tolerate CRLF line-endings even
      if we are not running on Windows. Previously, non-Windows hosts
      would reject these line-endings in certain positions, making
      certain key files hard to move from one host to another. Fixes bug
      33032; bugfix on 0.3.5.1-alpha.

  o Minor bugfixes (logging):
    - Stop truncating IPv6 addresses and ports in channel and connection
      logs. Fixes bug 33918; bugfix on 0.2.4.4-alpha.
    - Flush stderr, stdout, and file logs during shutdown, if supported
      by the OS. This change helps make sure that any final logs are
      recorded. Fixes bug 33087; bugfix on 0.4.1.6.
    - Stop closing stderr and stdout during shutdown. Closing these file
      descriptors can hide sanitiser logs. Fixes bug 33087; bugfix
      on 0.4.1.6.
    - If we encounter a bug when flushing a buffer to a TLS connection,
      only log the bug once per invocation of the Tor process.
      Previously we would log with every occurrence, which could cause
      us to run out of disk space. Fixes bug 33093; bugfix
      on 0.3.2.2-alpha.
    - When logging a bug, do not say "Future instances of this warning
      will be silenced" unless we are actually going to silence them.
      Previously we would say this whenever a BUG() check failed in the
      code. Fixes bug 33095; bugfix on 0.4.1.1-alpha.

  o Minor bugfixes (onion services v2):
    - Move a series of v2 onion service warnings to protocol-warning
      level because they can all be triggered remotely by a malformed
      request. Fixes bug 32706; bugfix on 0.1.1.14-alpha.
    - When sending the INTRO cell for a v2 Onion Service, look at the
      failure cache alongside timeout values to check if the intro point
      is marked as failed. Previously, we only looked at the relay
      timeout values. Fixes bug 25568; bugfix on 0.2.7.3-rc. Patch by
      Neel Chauhan.

  o Minor bugfixes (onion services v3):
    - Remove a BUG() warning that would cause a stack trace if an onion
      service descriptor was freed while we were waiting for a
      rendezvous circuit to complete. Fixes bug 28992; bugfix
      on 0.3.2.1-alpha.
    - Relax severity of a log message that can appear naturally when
      decoding onion service descriptors as a relay. Also add some
      diagnostics to debug any future bugs in that area. Fixes bug
      31669; bugfix on 0.3.0.1-alpha.
    - Fix an assertion failure that could result from a corrupted
      ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
      bugfix on 0.3.3.1-alpha. This issue is also tracked
      as TROVE-2020-003.
    - Properly handle the client rendezvous circuit timeout. Previously
      Tor would sometimes timeout a rendezvous circuit awaiting the
      introduction ACK, and find itself unable to re-establish all
      circuits because the rendezvous circuit timed out too early. Fixes
      bug 32021; bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (onion services):
    - Do not rely on a "circuit established" flag for intro circuits but
      instead always query the HS circuit map. This is to avoid sync
      issue with that flag and the map. Fixes bug 32094; bugfix
      on 0.3.2.1-alpha.

  o Minor bugfixes (onion services, all):
    - In cancel_descriptor_fetches(), use
      connection_list_by_type_purpose() instead of
      connection_list_by_type_state(). Fixes bug 32639; bugfix on
      0.3.2.1-alpha. Patch by Neel Chauhan.

  o Minor bugfixes (pluggable transports):
    - When receiving a message on standard error from a pluggable
      transport, log it at info level, rather than as a warning. Fixes
      bug 33005; bugfix on 0.4.0.1-alpha.

  o Minor bugfixes (rust, build):
    - Fix a syntax warning given by newer versions of Rust that was
      creating problems for our continuous integration. Fixes bug 33212;
      bugfix on 0.3.5.1-alpha.

  o Minor bugfixes (scripts):
    - Fix update_versions.py for out-of-tree builds. Fixes bug 32371;
      bugfix on 0.4.0.1-alpha.

  o Minor bugfixes (testing):
    - Use the same code to find the tor binary in all of our test
      scripts. This change makes sure we are always using the coverage
      binary when coverage is enabled. Fixes bug 32368; bugfix
      on 0.2.7.3-rc.
    - Stop ignoring "tor --dump-config" errors in test_parseconf.sh.
      Fixes bug 32468; bugfix on 0.4.2.1-alpha.
    - Our option-validation tests no longer depend on specially
      configured non-default, non-passing sets of options. Previously,
      the tests had been written to assume that options would _not_ be
      set to their defaults, which led to needless complexity and
      verbosity. Fixes bug 32175; bugfix on 0.2.8.1-alpha.

  o Minor bugfixes (TLS bug handling):
    - When encountering a bug in buf_read_from_tls(), return a "MISC"
      error code rather than "WANTWRITE". This change might help avoid
      some CPU-wasting loops if the bug is ever triggered. Bug reported
      by opara. Fixes bug 32673; bugfix on 0.3.0.4-alpha.

  o Deprecated features:
    - Deprecate the ClientAutoIPv6ORPort option. This option was not
      true "Happy Eyeballs", and often failed on connections that
      weren't reliably dual-stack. Closes ticket 32942. Patch by
      Neel Chauhan.

  o Documentation:
    - Provide a quickstart guide for a Circuit Padding Framework, and
      documentation for researchers to implement and study circuit
      padding machines. Closes ticket 28804.
    - Add documentation in 'HelpfulTools.md' to describe how to build a
      tag file. Closes ticket 32779.
    - Create a high-level description of the long-term software
      architecture goals. Closes ticket 32206.
    - Describe the --dump-config command in the manual page. Closes
      ticket 32467.
    - Unite coding advice from this_not_that.md in torguts repo into our
      coding standards document. Resolves ticket 31853.

  o Removed features:
    - Our Doxygen configuration no longer generates LaTeX output. The
      reference manual produced by doing this was over 4000 pages long,
      and generally unusable. Closes ticket 32099.
    - The option "TestingEstimatedDescriptorPropagationTime" is now
      marked as obsolete. It has had no effect since 0.3.0.7, when
      clients stopped rejecting consensuses "from the future". Closes
      ticket 32807.
    - We no longer support consensus methods before method 28; these
      methods were only used by authorities running versions of Tor that
      are now at end-of-life. In effect, this means that clients,
      relays, and authorities now assume that authorities will be
      running version 0.3.5.x or later. Closes ticket 32695.

  o Testing:
    - Avoid conflicts between the fake sockets in tor's unit tests, and
      real file descriptors. Resolves issues running unit tests with
      GitHub Actions, where the process that embeds or launches the
      tests has already opened a large number of file descriptors. Fixes
      bug 33782; bugfix on 0.2.8.1-alpha. Found and fixed by
      Putta Khunchalee.
    - Add more test cases for tor's UTF-8 validation function. Also,
      check the arguments passed to the function for consistency. Closes
      ticket 32845.
    - Improve test coverage for relay and dirauth config code, focusing
      on option validation and normalization. Closes ticket 32213.
    - Improve the consistency of test_parseconf.sh output, and run all
      the tests, even if one fails. Closes ticket 32213.
    - Run the practracker unit tests in the pre-commit git hook. Closes
      ticket 32609.

  o Code simplification and refactoring (channel):
    - Channel layer had a variable length cell handler that was not used
      and thus removed. Closes ticket 32892.

  o Code simplification and refactoring (configuration):
    - Immutability is now implemented as a flag on individual
      configuration options rather than as part of the option-transition
      checking code. Closes ticket 32344.
    - Instead of keeping a list of configuration options to check for
      relative paths, check all the options whose type is "FILENAME".
      Solves part of ticket 32339.
    - Our default log (which ordinarily sends NOTICE-level messages to
      standard output) is now handled in a more logical manner.
      Previously, we replaced the configured log options if they were
      empty. Now, we interpret an empty set of log options as meaning
      "use the default log". Closes ticket 31999.
    - Remove some unused arguments from the options_validate() function,
      to simplify our code and tests. Closes ticket 32187.
    - Simplify the options_validate() code so that it looks at the
      default options directly, rather than taking default options as an
      argument. This change lets us simplify its interface. Closes
      ticket 32185.
    - Use our new configuration architecture to move most authority-
      related options to the directory authority module. Closes
      ticket 32806.
    - When parsing the command line, handle options that determine our
      "quiet level" and our mode of operation (e.g., --dump-config and
      so on) all in one table. Closes ticket 32003.

  o Code simplification and refactoring (controller):
    - Create a new abstraction for formatting control protocol reply
      lines based on key-value pairs. Refactor some existing control
      protocol code to take advantage of this. Closes ticket 30984.
    - Create a helper function that can fetch network status or
      microdesc consensuses. Closes ticket 31684.

  o Code simplification and refactoring (dirauth modularization):
    - Remove the last remaining HAVE_MODULE_DIRAUTH inside a function.
      Closes ticket 32163.
    - Replace some confusing identifiers in process_descs.c. Closes
      ticket 29826.
    - Simplify some relay and dirauth config code. Closes ticket 32213.

  o Code simplification and refactoring (mainloop):
    - Simplify the ip_address_changed() function by removing redundant
      checks. Closes ticket 33091.

  o Code simplification and refactoring (misc):
    - Make all the structs we declare follow the same naming convention
      of ending with "_t". Closes ticket 32415.
    - Move and rename some configuration-related code for clarity.
      Closes ticket 32304.
    - Our include.am files are now broken up by subdirectory.
      Previously, src/core/include.am covered all of the subdirectories
      in "core", "feature", and "app". Closes \ 
ticket 32137.
    - Remove underused NS*() macros from test code: they make our tests
      more confusing, especially for code-formatting tools. Closes
      ticket 32887.

  o Code simplification and refactoring (relay modularization):
    - Disable relay_periodic when the relay module is disabled. Closes
      ticket 32244.
    - Disable relay_sys when the relay module is disabled. Closes
      ticket 32245.

  o Code simplification and refactoring (tool support):
    - Add numerous missing dependencies to our include files, so that
      they can be included in different reasonable orders and still
      compile. Addresses part of ticket 32764.
    - Fix some parts of our code that were difficult for Coccinelle to
      parse. Related to ticket 31705.
    - Fix some small issues in our code that prevented automatic
      formatting tools from working. Addresses part of ticket 32764.

  o Documentation (manpage):
    - Alphabetize the Server and Directory server sections of the tor
      manpage. Also split Statistics options into their own section of
      the manpage. Closes ticket 33188. Work by Swati Thacker as part of
      Google Season of Docs.
    - Document the __OwningControllerProcess torrc option and specify
      its polling interval. Resolves issue 32971.
    - Split "Circuit Timeout" options and "Node Selection" \ 
options into
      their own sections of the tor manpage. Closes tickets 32928 and
      32929. Work by Swati Thacker as part of Google Season of Docs.
    - Alphabetize the Client Options section of the tor manpage. Closes
      ticket 32846.
    - Alphabetize the General Options section of the tor manpage. Closes
      ticket 32708.
    - In the tor(1) manpage, reword and improve formatting of the
      COMMAND-LINE OPTIONS and DESCRIPTION sections. Closes ticket
      32277. Based on work by Swati Thacker as part of Google Season
      of Docs.
    - In the tor(1) manpage, reword and improve formatting of the FILES,
      SEE ALSO, and BUGS sections. Closes ticket 32176. Based on work by
      Swati Thacker as part of Google Season of Docs.

  o Testing (Appveyor CI):
    - In our Appveyor Windows CI, copy required DLLs to test and app
      directories, before running tor's tests. This ensures that tor.exe
      and test*.exe use the correct version of each DLL. This fix is not
      required, but we hope it will avoid DLL search issues in future.
      Fixes bug 33673; bugfix on 0.3.4.2-alpha.
    - On Appveyor, skip the crypto/openssl_version test, which is
      failing because of a mismatched library installation. Fix
      for 33643.

  o Testing (circuit, EWMA):
    - Add unit tests for circuitmux and EWMA subsystems. Closes
      ticket 32196.

  o Testing (Travis CI):
    - Remove a redundant distcheck job. Closes ticket 33194.
    - Sort the Travis jobs in order of speed: putting the slowest jobs
      first takes full advantage of Travis job concurrency. Closes
      ticket 33194.
    - Stop allowing the Chutney IPv6 Travis job to fail. This job was
      previously configured to fast_finish (which requires
      allow_failure), to speed up the build. Closes ticket 33195.
    - When a Travis chutney job fails, use chutney's new "diagnostics.sh"
      tool to produce detailed diagnostic output. Closes ticket 32792.
   2020-03-18 17:43:49 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor: update to 0.4.2.7.

Changes in version 0.4.2.7 - 2020-03-18
  This is the third stable release in the 0.4.2.x series. It backports
  numerous fixes from later releases, including a fix for TROVE-2020-
  002, a major denial-of-service vulnerability that affected all
  released Tor instances since 0.2.1.5-alpha. Using this vulnerability,
  an attacker could cause Tor instances to consume a huge amount of CPU,
  disrupting their operations for several seconds or minutes. This
  attack could be launched by anybody against a relay, or by a directory
  cache against any client that had connected to it. The attacker could
  launch this attack as much as they wanted, thereby disrupting service
  or creating patterns that could aid in traffic analysis. This issue
  was found by OSS-Fuzz, and is also tracked as CVE-2020-10592.

  We do not have reason to believe that this attack is currently being
  exploited in the wild, but nonetheless we advise everyone to upgrade
  as soon as packages are available.

  o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha):
    - Fix a denial-of-service bug that could be used by anyone to
      consume a bunch of CPU on any Tor relay or authority, or by
      directories to consume a bunch of CPU on clients or hidden
      services. Because of the potential for CPU consumption to
      introduce observable timing patterns, we are treating this as a
      high-severity security issue. Fixes bug 33119; bugfix on
      0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
      as TROVE-2020-002 and CVE-2020-10592.

  o Major bugfixes (circuit padding, memory leak, backport from 0.4.3.3-alpha):
    - Avoid a remotely triggered memory leak in the case that a circuit
      padding machine is somehow negotiated twice on the same circuit.
      Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
      This is also tracked as TROVE-2020-004 and CVE-2020-10593.

  o Major bugfixes (directory authority, backport from 0.4.3.3-alpha):
    - Directory authorities will now send a 503 (not enough bandwidth)
      code to clients when under bandwidth pressure. Known relays and
      other authorities will always be answered regardless of the
      bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.

  o Minor features (continuous integration, backport from 0.4.3.2-alpha):
    - Stop allowing failures on the Travis CI stem tests job. It looks
      like all the stem hangs we were seeing before are now fixed.
      Closes ticket 33075.

  o Minor bugfixes (bridges, backport from 0.4.3.1-alpha):
    - Lowercase the configured value of BridgeDistribution before adding
      it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.

  o Minor bugfixes (logging, backport from 0.4.3.2-alpha):
    - If we encounter a bug when flushing a buffer to a TLS connection,
      only log the bug once per invocation of the Tor process.
      Previously we would log with every occurrence, which could cause
      us to run out of disk space. Fixes bug 33093; bugfix
      on 0.3.2.2-alpha.

  o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha):
    - Fix an assertion failure that could result from a corrupted
      ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
      bugfix on 0.3.3.1-alpha. This issue is also tracked
      as TROVE-2020-003.

  o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha):
    - Fix a syntax warning given by newer versions of Rust that was
      creating problems for our continuous integration. Fixes bug 33212;
      bugfix on 0.3.5.1-alpha.

  o Testing (Travis CI, backport from 0.4.3.3-alpha):
    - Remove a redundant distcheck job. Closes ticket 33194.
    - Sort the Travis jobs in order of speed: putting the slowest jobs
      first takes full advantage of Travis job concurrency. Closes
      ticket 33194.
    - Stop allowing the Chutney IPv6 Travis job to fail. This job was
      previously configured to fast_finish (which requires
      allow_failure), to speed up the build. Closes ticket 33195.
    - When a Travis chutney job fails, use chutney's new "diagnostics.sh"
      tool to produce detailed diagnostic output. Closes ticket 32792.
   2020-01-30 22:15:41 by Leonardo Taccari | Files touched by this commit (1)
Log message:
tor: Readd accidentally removed .crate in distinfo

XXX: It would be nice that `makesum' target do that independently of `rust'
XXX: option.