copy-edit the 0.2.5.3-alpha changelog even more

This commit is contained in:
Nick Mathewson 2014-03-18 22:52:09 -04:00
parent 42e7eb7017
commit 1dc000f7df

View File

@ -1,34 +1,33 @@
Changes in version 0.2.5.3-alpha - 2014-03-?? Changes in version 0.2.5.3-alpha - 2014-03-??
Tor 0.2.5.3-alpha includes all the fixes from 0.2.4.21. It contains Tor 0.2.5.3-alpha includes all the fixes from 0.2.4.21. It contains
two new anti-DoS features for Tor nodes, resolves a bug that was two new anti-DoS features for Tor nodes, resolves a bug that kept
keeping SOCKS5 support for IPv6 from working, fixes several annoying SOCKS5 support for IPv6 from working, fixes several annoying usability
usability issues for bridge users, and removes more old issues for bridge users, and removes more old code for unused
code for unused directory formats. directory formats.
The Tor 0.2.5.x release series is now in patch-freeze: no feature The Tor 0.2.5.x release series is now in patch-freeze: no feature
patches not already written will be considered for inclusion in patches not already written will be considered for inclusion in
0.2.5.x. 0.2.5.x.
o Major features (server security, DoS-resistance): o Major features (server security, DoS-resistance):
- When we run out of memory and we need to close circuits, also - When deciding whether we have run out of memory and we need to
consider how much memory is allocated in buffers for streams close circuits, also consider memory allocated in buffers for
attached to each circuit. streams attached to each circuit.
This change, which extends an anti-DoS feature introduced in This change, which extends an anti-DoS feature introduced in
0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit nodes 0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit nodes
better resist more memory-based DoS attacks than before. Since the better resist more memory-based DoS attacks than before. Since the
MaxMemInCellQueues option now applies to all queues, not only cell MaxMemInCellQueues option now applies to all queues, it is renamed
queues, it is now renamed to MaxMemInQueues. This feature fixes to MaxMemInQueues. This feature fixes bug 10169.
bug 10169.
- Avoid hash-flooding denial-of-service attacks by using the secure - Avoid hash-flooding denial-of-service attacks by using the secure
SipHash-2-4 hash function for our hashtables. Without this SipHash-2-4 hash function for our hashtables. Without this
feature, an attacker could degrade performance of a targeted feature, an attacker could degrade performance of a targeted
client or server by flooding their data structures with a large client or server by flooding their data structures with a large
number of data entries all calculated to be stored at the same number of entries to be stored at the same hash table position,
hash table position, thereby slowing down hash table operations. thereby slowing down the Tor instance. With this feature, hash
With this feature, hash table positions are derived from a table positions are derived from a randomized cryptographic key,
randomized cryptographic key, and an attacker cannot predict which and an attacker cannot predict which entries will collide. Closes
entries will collide. Closes ticket 4900. ticket 4900.
- Decrease the lower limit of MaxMemInQueues to 256 MBytes, to - Decrease the lower limit of MaxMemInQueues to 256 MBytes, to
better support Raspberry Pi users. Fixes bug 9686; bugfix on better support Raspberry Pi users. Fixes bug 9686; bugfix on
0.2.4.14-alpha. 0.2.4.14-alpha.
@ -36,11 +35,11 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
o Minor features (bridges, pluggable transports): o Minor features (bridges, pluggable transports):
- Bridges now write the SHA1 digest of their identity key - Bridges now write the SHA1 digest of their identity key
fingerprint (that is, a hash of a hash of their public key) to fingerprint (that is, a hash of a hash of their public key) to
notice-level logs and to a new hashed-fingerprint file. This will notice-level logs, and to a new hashed-fingerprint file. This
help bridge operatorslook up their bridge in Globe and similar information will help bridge operators look up their bridge in
tools. Resolves ticket 10884. Globe and similar tools. Resolves ticket 10884.
- Improve the message that gets displayed when Tor as a bridge is - Improve the message that Tor displays when running as a bridge
using pluggable transports but doesn't have an Extended ORPort using pluggable transports without an Extended ORPort
listener. Also, log the message in the log file too. Resolves listener. Also, log the message in the log file too. Resolves
ticket 11043. ticket 11043.
- Stop giving annoying warning messages when we decide not to launch - Stop giving annoying warning messages when we decide not to launch
@ -50,7 +49,7 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
o Minor features (other): o Minor features (other):
- Add a new option, PredictedPortsRelevanceTime, to control how long - Add a new option, PredictedPortsRelevanceTime, to control how long
after having received a request to connect to a given port Tor after having received a request to connect to a given port Tor
will try to keep circuits ready in anticipation of future request will try to keep circuits ready in anticipation of future requests
for that port. Patch from "unixninja92"; implements ticket 9176. for that port. Patch from "unixninja92"; implements ticket 9176.
- Generate a warning if any ports are listed in the SocksPolicy, - Generate a warning if any ports are listed in the SocksPolicy,
DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
@ -74,23 +73,22 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
bugfix on 0.2.5.1-alpha. Patch from Dana Koch. bugfix on 0.2.5.1-alpha. Patch from Dana Koch.
o Minor bugfixes (client): o Minor bugfixes (client):
- Fix connections to IPv6 addresses over SOCKS5; previously, we were - Fix connections to IPv6 addresses over SOCKS5. Previously, we were
generating incorrect SOCKS5 responses, and confusing client generating incorrect SOCKS5 responses, and confusing client
applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha. applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha.
- Raises a control port warning when we fail to connect to all of - Raise a control port warning when we fail to connect to all of
our bridges. Previously, we didn't let the controller know, which our bridges. Previously, we didn't inform the controller, and
would make the bootstrap process stall. Fixes bug 11069; bugfix on the bootstrap process would stall. Fixes bug 11069; bugfix on
tor-0.2.1.2-alpha. tor-0.2.1.2-alpha.
- Exit immediately when a process-owning controller exits. - Exit immediately when a process-owning controller exits.
Previously, tor relays would wait for a little while after their Previously, tor relays would wait for a little while after their
controller exited, as if they had gotten an INT signal--but this controller exited, as if they had gotten an INT signal--but this
was problematic, since there was no feedback for the was problematic, since there was no feedback for the user. To do a
user. Controllers that want to do a clean shutdown should send an clean shutdown, controllers should send an INT signal and give Tor
INT signal to let the user know what's going on. Fix for bug a chance to clean up. Fix for bug 10449; bugfix on 0.2.2.28-beta.
10449; bugfix on 0.2.2.28-beta.
- Improve the log message when we can't connect to a hidden service - Improve the log message when we can't connect to a hidden service
because we have excluded all of the hidden service directory nodes because all of the hidden service directory nodes hosting its
hosting its descriptor. Improves on our fix for bug 10722, which descriptor are excluded. Improves on our fix for bug 10722, which
was a bugfix on 0.2.0.10-alpha. was a bugfix on 0.2.0.10-alpha.
- Fix a bug where we would attempt to connect to bridges before our - Fix a bug where we would attempt to connect to bridges before our
pluggable transports were configured, which resulted in some pluggable transports were configured, which resulted in some
@ -103,9 +101,8 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
bugfix on 0.2.1.7-alpha. Patch from Matt Pagan. bugfix on 0.2.1.7-alpha. Patch from Matt Pagan.
- Avoid crashing on a malformed resolv.conf file when running a - Avoid crashing on a malformed resolv.conf file when running a
server using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23. server using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23.
- Give the correct URL in the warning message that we present when - Give the correct URL in the warning message when trying to run a
trying to run a Tor relay on an ancient version of Windows. Fixes Tor relay on an ancient version of Windows. Fixes bug 9393.
bug 9393.
- Bridges now never collect statistics that were designed for - Bridges now never collect statistics that were designed for
relays. Fix for bug 5824; bugfix on 0.2.3.8-alpha. relays. Fix for bug 5824; bugfix on 0.2.3.8-alpha.
- Bridges now report complete directory request statistics. Related - Bridges now report complete directory request statistics. Related
@ -116,7 +113,7 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
-fasynchronous-unwind-tables compiler option. This option is -fasynchronous-unwind-tables compiler option. This option is
needed for platforms like 32-bit Intel where -fomit-frame-pointer needed for platforms like 32-bit Intel where -fomit-frame-pointer
is on by default and table generation is not. This doesn't yet is on by default and table generation is not. This doesn't yet
add Windows support yet; only Linux, OSX, and some BSD are add Windows support yet; only Linux, OSX, and some BSDs are
affected. Reported by 'cypherpunks'; fixes bug 11047; bugfix on affected. Reported by 'cypherpunks'; fixes bug 11047; bugfix on
0.2.5.2-alpha. 0.2.5.2-alpha.
- Avoid strange behavior if two threads hit failed assertions at the - Avoid strange behavior if two threads hit failed assertions at the
@ -125,9 +122,8 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
intermediate results in the same buffer, and generated junk intermediate results in the same buffer, and generated junk
outputs.) Reported by "cypherpunks". Fixes bug 11048; bugfix on outputs.) Reported by "cypherpunks". Fixes bug 11048; bugfix on
0.2.5.2-alpha. 0.2.5.2-alpha.
- Fix a 64-to-32-conversion compiler warning in - Fix a compiler warning in format_number_sigsafe(). Bugfix on
format_number_sigsafe(). Bugfix on 0.2.5.2-alpha; patch from Nick 0.2.5.2-alpha; patch from Nick Hopper.
Hopper.
o Removed code: o Removed code:
- Remove all remaining code related to version-0 hidden service - Remove all remaining code related to version-0 hidden service
@ -135,18 +131,18 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
the rest of bug 10841. the rest of bug 10841.
o Documentation: o Documentation:
- Explain that SocksPolicy, DirPolicy, and their allies don't take - Explain that SocksPolicy, DirPolicy, and similar options don't
port arguments. Fixes ticket 11108. take port arguments. Fixes ticket 11108.
- Fix the max client name length in the manpage's description of - Fix the manpage's description of HiddenServiceAuthorizeClient
HiddenServiceAuthorizeClient description: it should have been 16, description: it should have given the maximum client name length
not 19. Fixes bug 11118; bugfix on 0.2.1.6-alpha. as 16, not 19. Fixes bug 11118; bugfix on 0.2.1.6-alpha.
- Document in the manpage that "KBytes" may also be written as
"kilobytes" or "KB", that "Kbits" may also be written as
"kilobits", and so forth. Closes ticket 9222.
- Fix a comment about the rend_server_descriptor_t.protocols field - Fix a comment about the rend_server_descriptor_t.protocols field
to more accurately describe its range. Also, make that field to more accurately describe its range. Also, make that field
unsigned, to more accurately reflect its usage. Fixes bug 9099; unsigned, to more accurately reflect its usage. Fixes bug 9099;
bugfix on 0.2.1.5-alpha. bugfix on 0.2.1.5-alpha.
- Document in the manpage that "KBytes" may also be written as
"kilobytes" or "KB", that "Kbits" may also be written as
"kilobits", and so forth. Closes ticket 9222.
o Code simplifications and refactoring: o Code simplifications and refactoring:
- Get rid of router->address, since in all cases it was just the - Get rid of router->address, since in all cases it was just the