ANON-55 - Merge upstream changes from Tor (#97)

CODE_OF_CONDUCT

@@ -3,5 +3,4 @@ where people feel safe to engage, share their points of view, and
 participate. For the latest version of our Code of Conduct, please
 see
 
-https://gitweb.torproject.org/community/policies.git/plain/code_of_conduct.txt
-
+https://community.torproject.org/policies/code_of_conduct/

ChangeLog

@@ -1,3 +1,52 @@
+Changes in version 0.4.8.11 - 2024-04-10
+  This is a minor release mostly to upgrade the fallbackdir list.
+  Directory authorities running this version will now automatically
+  reject relays running the end of life 0.4.7.x version.
+
+  o Minor features (directory authorities):
+    - Reject 0.4.7.x series at the authority level. Closes ticket 40896.
+    - New IP address and keys for tor26.
+    - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at
+      the start of the hexdigit, in order to easier database queries
+      combining Tor documents in which the relays fingerprint does not
+      include it. Fixes bug 40891; bugfix on 0.4.7 (all supported
+      versions of Tor).
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on April 10, 2024.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2024/04/10.
+
+  o Minor bugfixes (directory authorities):
+    - Add a warning when publishing a vote or signatures to another
+      directory authority fails. Fixes bug 40910; bugfix on 0.2.0.3-alpha.
+
+
+Changes in version 0.4.8.10 - 2023-12-08
+  This is a security release fixing a high severity bug (TROVE-2023-007)
+  affecting Exit relays supporting Conflux. We strongly recommend to update as
+  soon as possible.
+
+  o Major bugfixes (TROVE-2023-007, exit):
+    - Improper error propagation from a safety check in conflux leg
+      linking led to a desynchronization of which legs were part of a
+      conflux set, ultimately causing a UAF and NULL pointer dereference
+      crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on December 08, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/12/08.
+
+  o Minor bugfixes (bridges, statistics):
+    - Correctly report statistics for client count over pluggable
+      transports. Fixes bug 40871; bugfix on 0.4.8.4.
+
+
 Changes in version 0.4.8.9 - 2023-11-09
   This is another security release fixing a high severity bug affecting onion
   services which is tracked by TROVE-2023-006. We are also releasing a guard
@@ -216,6 +265,10 @@ Changes in version 0.4.8.3-rc - 2023-08-04
     - Update the geoip files to match the IPFire Location Database, as
       retrieved on 2023/08/04.
 
+  o Minor features (bridge):
+    - warn when a bridge is also configure to be an exit relay.
+      Closes ticket 40819.
+
   o Minor bugfixes (compilation):
     - Fix all -Werror=enum-int-mismatch warnings. No behavior change.
       Fixes bug 40824; bugfix on 0.3.5.1-alpha.

README.md

@@ -58,13 +58,16 @@ Home page:
 
 Download new versions:
 
-- https://www.torproject.org/download/download.html
+- https://www.torproject.org/download/tor
 
-Documentation, including links to installation and setup instructions:
+How to verify Tor source:
 
-- https://www.torproject.org/docs/documentation.html
+- https://support.torproject.org/little-t-tor/
 
-Frequently Asked Questions:
+Documentation and Frequently Asked Questions:
 
-- https://www.torproject.org/docs/faq.html
+- https://support.torproject.org/
 
+How to run a Tor relay:
+
+- https://community.torproject.org/relay/ 

ReleaseNotes

@@ -2,6 +2,55 @@ This document summarizes new features and bugfixes in each stable
 release of Tor. If you want to see more detailed descriptions of the
 changes in each development snapshot, see the ChangeLog file.
 
+Changes in version 0.4.8.11 - 2024-04-10
+  This is a minor release mostly to upgrade the fallbackdir list.
+  Directory authorities running this version will now automatically
+  reject relays running the end of life 0.4.7.x version.
+
+  o Minor features (directory authorities):
+    - Reject 0.4.7.x series at the authority level. Closes ticket 40896.
+    - New IP address and keys for tor26.
+    - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at
+      the start of the hexdigit, in order to easier database queries
+      combining Tor documents in which the relays fingerprint does not
+      include it. Fixes bug 40891; bugfix on 0.4.7 (all supported
+      versions of Tor).
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on April 10, 2024.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2024/04/10.
+
+  o Minor bugfixes (directory authorities):
+    - Add a warning when publishing a vote or signatures to another
+      directory authority fails. Fixes bug 40910; bugfix on 0.2.0.3-alpha.
+
+
+Changes in version 0.4.8.10 - 2023-12-08
+  This is a security release fixing a high severity bug (TROVE-2023-007)
+  affecting Exit relays supporting Conflux. We strongly recommend to update as
+  soon as possible.
+
+  o Major bugfixes (TROVE-2023-007, exit):
+    - Improper error propagation from a safety check in conflux leg
+      linking led to a desynchronization of which legs were part of a
+      conflux set, ultimately causing a UAF and NULL pointer dereference
+      crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on December 08, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/12/08.
+
+  o Minor bugfixes (bridges, statistics):
+    - Correctly report statistics for client count over pluggable
+      transports. Fixes bug 40871; bugfix on 0.4.8.4.
+
+
 Changes in version 0.4.8.9 - 2023-11-09
   This is another security release fixing a high severity bug affecting onion
   services which is tracked by TROVE-2023-006. We are also releasing a guard
@@ -214,6 +263,10 @@ Changes in version 0.4.8.4 - 2023-08-23
       wouldn't have any middle nodes left to choose from so we would fail to
       make onion-related circuits. Fixes bug 40805; bugfix on 0.4.7.1-alpha.
 
+  o Minor features (bridge):
+    - warn when a bridge is also configure to be an exit relay.
+      Closes ticket 40819.
+
   o Minor features (geoip data):
     - Update the geoip files to match the IPFire Location Database, as
       retrieved on 2023/08/23.

changes/bug40897

@@ -0,0 +1,6 @@
+  o Major bugfixes (TROVE-2023-007, exit):
+    - Improper error propagation from a safety check in conflux leg
+      linking lead to a desynchronization of which legs were part of
+      a conflux set, ultimately causing a UAF and NULL pointer
+      dereference crash on Exit relays. Fixes bug 40897;
+      bugfix on 0.4.8.1-alpha.

changes/bug40910

@@ -0,0 +1,5 @@
+  o Minor bugfixes (directory authorities):
+    - Add a warning when publishing a vote or signatures to another
+      directory authority fails. Fixes bug 40910; bugfix on
+      0.2.0.3-alpha.
+

changes/bug40911

@@ -0,0 +1,5 @@
+  o Minor bugfixes (compiler warnings):
+    - Make sure the two bitfields in the half-closed edge struct are
+      unsigned, as we're using them for boolean values and assign 1 to
+      them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
+

changes/bug40922

@@ -0,0 +1,5 @@
+  o Minor bugfixes (testing):
+    - Enabling TestingTorNetwork no longer forces fast hidden service
+      intro point rotation. This reduces noise and errors when
+      using hidden services with TestingTorNetwork enabled.
+      Fixes bug 40922; bugfix on 0.3.2.1-alpha.

changes/bug40933

@@ -0,0 +1,3 @@
+  o Minor bugfixes (sandbox, bwauth):
+    - Fix sandbox to work for bandwidth authority. Fixes bug 40933; bugfix on
+      0.2.2.1-alpha

changes/fallbackdirs-2023-12-08

@@ -0,0 +1,2 @@
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on December 08, 2023.

changes/fallbackdirs-2024-04-10

@@ -0,0 +1,2 @@
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on April 10, 2024.

changes/fallbackdirs-2024-06-06

@@ -0,0 +1,2 @@
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on June 06, 2024.

changes/geoip-2023-12-08

@@ -0,0 +1,3 @@
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database,
+      as retrieved on 2023/12/08.

changes/geoip-2024-04-10

@@ -0,0 +1,3 @@
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database,
+      as retrieved on 2024/04/10.

changes/geoip-2024-06-06

@@ -0,0 +1,3 @@
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database,
+      as retrieved on 2024/06/06.

changes/prop351

@@ -0,0 +1,7 @@
+  o Minor features (SOCKS):
+    - Detect invalid SOCKS5 username/password combinations according to
+      new extended parameters syntax.  (Currently, this rejects any
+      SOCKS5 username beginning with "<torS0X>", except for the username
+      "<torS0X>0". Such usernames are now reserved to communicate additional
+      parameters with other Tor implementations.)
+      Implements proposal 351.

changes/tap-out-part-1

@@ -0,0 +1,12 @@
+  o Removed features (obsolete):
+    - Relays no longer support the obsolete TAP circuit extension
+      protocol. (For backward compatibility, however, relays still continue to
+      include TAP keys in their descriptors.) Implements part
+      of proposal 350.
+    - Removed some vestigial code for selecting the TAP circuit extension
+      protocol.
+
+  o Minor features (forward-compatibility):
+    - We now correctly parse microdescriptors and router descriptors
+      that do not include TAP onion keys. (For backward compatibility,
+      authorities continue to require these keys.) Implements part of proposal 350.

changes/ticket11101

@@ -0,0 +1,4 @@
+  o Minor feature (bridges, pluggable transport):
+    - Add STATUS TYPE=version handler for Pluggable Transport. This allows us to
+      gather version statistics on Pluggable Transport usage from bridge servers
+      on our metrics portal. Closes ticket 11101.

changes/ticket40689

@@ -0,0 +1,3 @@
+  o Minor feature (dirauth):
+    - Add back faravahar with a new address and new keys. Closes 40689.
+

changes/ticket40816

@@ -0,0 +1,4 @@
+  o Minor feature (metrics port, relay):
+    - Add new metrics for relays on the MetricsPort namely the count of drop
+      cell, destroy cell and the number of circuit protocol violation seen that
+      lead to a circuit close. Closes ticket 40816.

changes/ticket40871

@@ -0,0 +1,3 @@
+  o Minor bugfixes (bridges, statistics):
+    - Correctly report statistics for client count over Pluggable transport.
+      Fixes bug 40871; bugfix on 0.4.8.4

changes/ticket40896

@@ -0,0 +1,2 @@
+  o Minor feature (authority):
+    - Reject 0.4.7.x series at the authority level. Closes ticket 40896.

changes/ticket40908

@@ -0,0 +1,5 @@
+  o Minor bugfixes (conflux):
+    - Make sure we don't process a closed circuit when packaging data. This lead
+      to a non fatal BUG() spamming logs. Fixes bug 40908; bugfix on
+      0.4.8.1-alpha.
+

changes/ticket40918

@@ -0,0 +1,3 @@
+  o Minor bugfix (relay, sandbox):
+    - Disable a sandbox unit test that is failing on Debian Sid breaking our
+      nightly packages. Fixes bug 40918; bugfix on 0.3.5.1-alpha.

changes/ticket40921

@@ -0,0 +1,3 @@
+  o Minor bugfixes (conflux):
+    - Avoid a potential hard assert (crash) when sending a cell on a Conflux
+      set. Fixes bug 40921; bugfix on 0.4.8.1-alpha.

changes/ticket40932

@@ -0,0 +1,3 @@
+  o Minor bugfix (circuit):
+    - Remove a log_warn being triggered by a protocol violation that already
+      emits a protocol warning log. Fixes bug 40932; bugfix on 0.4.8.1-alpha.

changes/ticket40966

@@ -0,0 +1,3 @@
+  o Minor bugfixes (memleak, authority):
+    - Fix a small memleak when computing a new consensus. This only affects
+      directory authorities. Fixes bug 40966; bugfix on 0.3.5.1-alpha.

changes/tor26-change

@@ -0,0 +1,3 @@
+  o Minor feature (dirauth, tor26):
+    - New IP address and keys.
+

doc/man/anon.1.txt

@@ -1017,7 +1017,7 @@ forward slash (/) in the configuration file and on the command line.
     equivalent option for directory connections, because all Tor client versions
     that support this option download directory documents via OR connections. +
 +
-    The only protocol supported right now 'haproxy'. This option is only for
+    The only protocol supported right now is 'haproxy'. This option is only for
     clients. (Default: none) +
 +
     The HAProxy version 1 proxy protocol is described in detail at
@@ -2812,17 +2812,16 @@ types of statistics that Tor relays collect and publish:
      +
     A relay is considered overloaded if at least one of these conditions is
     met:
-        - Onionskins are starting to be dropped.
+        - A certain ratio of ntor onionskins are dropped.
         - The OOM was invoked.
+        - TCP Port exhaustion.
 
-        - (Exit only) DNS timeout occurs X% of the time over Y seconds (values
-          controlled by consensus parameters, see param-spec.txt).
      +
     If ExtraInfoStatistics is enabled, it can also put two more specific
     overload lines in the extra-info document if at least one of these
     conditions is met:
-        - TCP Port exhaustion.
         - Connection rate limits have been reached (read and write side).
+        - File descriptors are exhausted.
 
 [[PaddingStatistics]] **PaddingStatistics** **0**|**1**::
     Relays and bridges only.
@@ -3136,7 +3135,7 @@ hard and are likely different for each service operator.
 Why is this not helping reachability of the service? Because the defenses are
 at the introduction point, an attacker can easily flood all introduction point
 rendering the service unavailable due to no client being able to pass through.
-But, the service itself is not overwhelmed with connetions allowing it to
+But, the service itself is not overwhelmed with connections allowing it to
 function properly for the few clients that were able to go through or other any
 services running on the same tor instance.
 
@@ -4125,7 +4124,7 @@ __DataDirectory__/**`stats/hidserv-stats`**::
     of what fraction of the traffic is hidden service rendezvous traffic, and
     approximately how many hidden services the relay has seen.
 
-__DataDirectory__/**networkstatus-bridges`**::
+__DataDirectory__/**`networkstatus-bridges`**::
     Only used by authoritative bridge directories. Contains information
     about bridges that have self-reported themselves to the bridge
     authority.