mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 15:43:32 +01:00
copy-edit the 0.2.5.3-alpha changelog even more
This commit is contained in:
parent
42e7eb7017
commit
1dc000f7df
88
ChangeLog
88
ChangeLog
@ -1,34 +1,33 @@
|
|||||||
Changes in version 0.2.5.3-alpha - 2014-03-??
|
Changes in version 0.2.5.3-alpha - 2014-03-??
|
||||||
Tor 0.2.5.3-alpha includes all the fixes from 0.2.4.21. It contains
|
Tor 0.2.5.3-alpha includes all the fixes from 0.2.4.21. It contains
|
||||||
two new anti-DoS features for Tor nodes, resolves a bug that was
|
two new anti-DoS features for Tor nodes, resolves a bug that kept
|
||||||
keeping SOCKS5 support for IPv6 from working, fixes several annoying
|
SOCKS5 support for IPv6 from working, fixes several annoying usability
|
||||||
usability issues for bridge users, and removes more old
|
issues for bridge users, and removes more old code for unused
|
||||||
code for unused directory formats.
|
directory formats.
|
||||||
|
|
||||||
The Tor 0.2.5.x release series is now in patch-freeze: no feature
|
The Tor 0.2.5.x release series is now in patch-freeze: no feature
|
||||||
patches not already written will be considered for inclusion in
|
patches not already written will be considered for inclusion in
|
||||||
0.2.5.x.
|
0.2.5.x.
|
||||||
|
|
||||||
o Major features (server security, DoS-resistance):
|
o Major features (server security, DoS-resistance):
|
||||||
- When we run out of memory and we need to close circuits, also
|
- When deciding whether we have run out of memory and we need to
|
||||||
consider how much memory is allocated in buffers for streams
|
close circuits, also consider memory allocated in buffers for
|
||||||
attached to each circuit.
|
streams attached to each circuit.
|
||||||
|
|
||||||
This change, which extends an anti-DoS feature introduced in
|
This change, which extends an anti-DoS feature introduced in
|
||||||
0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit nodes
|
0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit nodes
|
||||||
better resist more memory-based DoS attacks than before. Since the
|
better resist more memory-based DoS attacks than before. Since the
|
||||||
MaxMemInCellQueues option now applies to all queues, not only cell
|
MaxMemInCellQueues option now applies to all queues, it is renamed
|
||||||
queues, it is now renamed to MaxMemInQueues. This feature fixes
|
to MaxMemInQueues. This feature fixes bug 10169.
|
||||||
bug 10169.
|
|
||||||
- Avoid hash-flooding denial-of-service attacks by using the secure
|
- Avoid hash-flooding denial-of-service attacks by using the secure
|
||||||
SipHash-2-4 hash function for our hashtables. Without this
|
SipHash-2-4 hash function for our hashtables. Without this
|
||||||
feature, an attacker could degrade performance of a targeted
|
feature, an attacker could degrade performance of a targeted
|
||||||
client or server by flooding their data structures with a large
|
client or server by flooding their data structures with a large
|
||||||
number of data entries all calculated to be stored at the same
|
number of entries to be stored at the same hash table position,
|
||||||
hash table position, thereby slowing down hash table operations.
|
thereby slowing down the Tor instance. With this feature, hash
|
||||||
With this feature, hash table positions are derived from a
|
table positions are derived from a randomized cryptographic key,
|
||||||
randomized cryptographic key, and an attacker cannot predict which
|
and an attacker cannot predict which entries will collide. Closes
|
||||||
entries will collide. Closes ticket 4900.
|
ticket 4900.
|
||||||
- Decrease the lower limit of MaxMemInQueues to 256 MBytes, to
|
- Decrease the lower limit of MaxMemInQueues to 256 MBytes, to
|
||||||
better support Raspberry Pi users. Fixes bug 9686; bugfix on
|
better support Raspberry Pi users. Fixes bug 9686; bugfix on
|
||||||
0.2.4.14-alpha.
|
0.2.4.14-alpha.
|
||||||
@ -36,11 +35,11 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
|
|||||||
o Minor features (bridges, pluggable transports):
|
o Minor features (bridges, pluggable transports):
|
||||||
- Bridges now write the SHA1 digest of their identity key
|
- Bridges now write the SHA1 digest of their identity key
|
||||||
fingerprint (that is, a hash of a hash of their public key) to
|
fingerprint (that is, a hash of a hash of their public key) to
|
||||||
notice-level logs and to a new hashed-fingerprint file. This will
|
notice-level logs, and to a new hashed-fingerprint file. This
|
||||||
help bridge operatorslook up their bridge in Globe and similar
|
information will help bridge operators look up their bridge in
|
||||||
tools. Resolves ticket 10884.
|
Globe and similar tools. Resolves ticket 10884.
|
||||||
- Improve the message that gets displayed when Tor as a bridge is
|
- Improve the message that Tor displays when running as a bridge
|
||||||
using pluggable transports but doesn't have an Extended ORPort
|
using pluggable transports without an Extended ORPort
|
||||||
listener. Also, log the message in the log file too. Resolves
|
listener. Also, log the message in the log file too. Resolves
|
||||||
ticket 11043.
|
ticket 11043.
|
||||||
- Stop giving annoying warning messages when we decide not to launch
|
- Stop giving annoying warning messages when we decide not to launch
|
||||||
@ -50,7 +49,7 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
|
|||||||
o Minor features (other):
|
o Minor features (other):
|
||||||
- Add a new option, PredictedPortsRelevanceTime, to control how long
|
- Add a new option, PredictedPortsRelevanceTime, to control how long
|
||||||
after having received a request to connect to a given port Tor
|
after having received a request to connect to a given port Tor
|
||||||
will try to keep circuits ready in anticipation of future request
|
will try to keep circuits ready in anticipation of future requests
|
||||||
for that port. Patch from "unixninja92"; implements ticket 9176.
|
for that port. Patch from "unixninja92"; implements ticket 9176.
|
||||||
- Generate a warning if any ports are listed in the SocksPolicy,
|
- Generate a warning if any ports are listed in the SocksPolicy,
|
||||||
DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
|
DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
|
||||||
@ -74,23 +73,22 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
|
|||||||
bugfix on 0.2.5.1-alpha. Patch from Dana Koch.
|
bugfix on 0.2.5.1-alpha. Patch from Dana Koch.
|
||||||
|
|
||||||
o Minor bugfixes (client):
|
o Minor bugfixes (client):
|
||||||
- Fix connections to IPv6 addresses over SOCKS5; previously, we were
|
- Fix connections to IPv6 addresses over SOCKS5. Previously, we were
|
||||||
generating incorrect SOCKS5 responses, and confusing client
|
generating incorrect SOCKS5 responses, and confusing client
|
||||||
applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha.
|
applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha.
|
||||||
- Raises a control port warning when we fail to connect to all of
|
- Raise a control port warning when we fail to connect to all of
|
||||||
our bridges. Previously, we didn't let the controller know, which
|
our bridges. Previously, we didn't inform the controller, and
|
||||||
would make the bootstrap process stall. Fixes bug 11069; bugfix on
|
the bootstrap process would stall. Fixes bug 11069; bugfix on
|
||||||
tor-0.2.1.2-alpha.
|
tor-0.2.1.2-alpha.
|
||||||
- Exit immediately when a process-owning controller exits.
|
- Exit immediately when a process-owning controller exits.
|
||||||
Previously, tor relays would wait for a little while after their
|
Previously, tor relays would wait for a little while after their
|
||||||
controller exited, as if they had gotten an INT signal--but this
|
controller exited, as if they had gotten an INT signal--but this
|
||||||
was problematic, since there was no feedback for the
|
was problematic, since there was no feedback for the user. To do a
|
||||||
user. Controllers that want to do a clean shutdown should send an
|
clean shutdown, controllers should send an INT signal and give Tor
|
||||||
INT signal to let the user know what's going on. Fix for bug
|
a chance to clean up. Fix for bug 10449; bugfix on 0.2.2.28-beta.
|
||||||
10449; bugfix on 0.2.2.28-beta.
|
|
||||||
- Improve the log message when we can't connect to a hidden service
|
- Improve the log message when we can't connect to a hidden service
|
||||||
because we have excluded all of the hidden service directory nodes
|
because all of the hidden service directory nodes hosting its
|
||||||
hosting its descriptor. Improves on our fix for bug 10722, which
|
descriptor are excluded. Improves on our fix for bug 10722, which
|
||||||
was a bugfix on 0.2.0.10-alpha.
|
was a bugfix on 0.2.0.10-alpha.
|
||||||
- Fix a bug where we would attempt to connect to bridges before our
|
- Fix a bug where we would attempt to connect to bridges before our
|
||||||
pluggable transports were configured, which resulted in some
|
pluggable transports were configured, which resulted in some
|
||||||
@ -103,9 +101,8 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
|
|||||||
bugfix on 0.2.1.7-alpha. Patch from Matt Pagan.
|
bugfix on 0.2.1.7-alpha. Patch from Matt Pagan.
|
||||||
- Avoid crashing on a malformed resolv.conf file when running a
|
- Avoid crashing on a malformed resolv.conf file when running a
|
||||||
server using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23.
|
server using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23.
|
||||||
- Give the correct URL in the warning message that we present when
|
- Give the correct URL in the warning message when trying to run a
|
||||||
trying to run a Tor relay on an ancient version of Windows. Fixes
|
Tor relay on an ancient version of Windows. Fixes bug 9393.
|
||||||
bug 9393.
|
|
||||||
- Bridges now never collect statistics that were designed for
|
- Bridges now never collect statistics that were designed for
|
||||||
relays. Fix for bug 5824; bugfix on 0.2.3.8-alpha.
|
relays. Fix for bug 5824; bugfix on 0.2.3.8-alpha.
|
||||||
- Bridges now report complete directory request statistics. Related
|
- Bridges now report complete directory request statistics. Related
|
||||||
@ -116,7 +113,7 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
|
|||||||
-fasynchronous-unwind-tables compiler option. This option is
|
-fasynchronous-unwind-tables compiler option. This option is
|
||||||
needed for platforms like 32-bit Intel where -fomit-frame-pointer
|
needed for platforms like 32-bit Intel where -fomit-frame-pointer
|
||||||
is on by default and table generation is not. This doesn't yet
|
is on by default and table generation is not. This doesn't yet
|
||||||
add Windows support yet; only Linux, OSX, and some BSD are
|
add Windows support yet; only Linux, OSX, and some BSDs are
|
||||||
affected. Reported by 'cypherpunks'; fixes bug 11047; bugfix on
|
affected. Reported by 'cypherpunks'; fixes bug 11047; bugfix on
|
||||||
0.2.5.2-alpha.
|
0.2.5.2-alpha.
|
||||||
- Avoid strange behavior if two threads hit failed assertions at the
|
- Avoid strange behavior if two threads hit failed assertions at the
|
||||||
@ -125,9 +122,8 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
|
|||||||
intermediate results in the same buffer, and generated junk
|
intermediate results in the same buffer, and generated junk
|
||||||
outputs.) Reported by "cypherpunks". Fixes bug 11048; bugfix on
|
outputs.) Reported by "cypherpunks". Fixes bug 11048; bugfix on
|
||||||
0.2.5.2-alpha.
|
0.2.5.2-alpha.
|
||||||
- Fix a 64-to-32-conversion compiler warning in
|
- Fix a compiler warning in format_number_sigsafe(). Bugfix on
|
||||||
format_number_sigsafe(). Bugfix on 0.2.5.2-alpha; patch from Nick
|
0.2.5.2-alpha; patch from Nick Hopper.
|
||||||
Hopper.
|
|
||||||
|
|
||||||
o Removed code:
|
o Removed code:
|
||||||
- Remove all remaining code related to version-0 hidden service
|
- Remove all remaining code related to version-0 hidden service
|
||||||
@ -135,18 +131,18 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
|
|||||||
the rest of bug 10841.
|
the rest of bug 10841.
|
||||||
|
|
||||||
o Documentation:
|
o Documentation:
|
||||||
- Explain that SocksPolicy, DirPolicy, and their allies don't take
|
- Explain that SocksPolicy, DirPolicy, and similar options don't
|
||||||
port arguments. Fixes ticket 11108.
|
take port arguments. Fixes ticket 11108.
|
||||||
- Fix the max client name length in the manpage's description of
|
- Fix the manpage's description of HiddenServiceAuthorizeClient
|
||||||
HiddenServiceAuthorizeClient description: it should have been 16,
|
description: it should have given the maximum client name length
|
||||||
not 19. Fixes bug 11118; bugfix on 0.2.1.6-alpha.
|
as 16, not 19. Fixes bug 11118; bugfix on 0.2.1.6-alpha.
|
||||||
- Document in the manpage that "KBytes" may also be written as
|
|
||||||
"kilobytes" or "KB", that "Kbits" may also be written as
|
|
||||||
"kilobits", and so forth. Closes ticket 9222.
|
|
||||||
- Fix a comment about the rend_server_descriptor_t.protocols field
|
- Fix a comment about the rend_server_descriptor_t.protocols field
|
||||||
to more accurately describe its range. Also, make that field
|
to more accurately describe its range. Also, make that field
|
||||||
unsigned, to more accurately reflect its usage. Fixes bug 9099;
|
unsigned, to more accurately reflect its usage. Fixes bug 9099;
|
||||||
bugfix on 0.2.1.5-alpha.
|
bugfix on 0.2.1.5-alpha.
|
||||||
|
- Document in the manpage that "KBytes" may also be written as
|
||||||
|
"kilobytes" or "KB", that "Kbits" may also be written as
|
||||||
|
"kilobits", and so forth. Closes ticket 9222.
|
||||||
|
|
||||||
o Code simplifications and refactoring:
|
o Code simplifications and refactoring:
|
||||||
- Get rid of router->address, since in all cases it was just the
|
- Get rid of router->address, since in all cases it was just the
|
||||||
|
Loading…
Reference in New Issue
Block a user