nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-27 22:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

minor changelog cleanups. declare that friday is when we release it.

Browse Source 
svn:r17207
This commit is contained in:
Roger Dingledine 2008-11-07 05:11:41 +00:00
parent bc128c0b03
commit 311b8b274c
1 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
ChangeLog
View File

@ -1,4 +1,4 @@
Changes in version 0.2.1.7-alpha - 2008-11-xx
Changes in version 0.2.1.7-alpha - 2008-11-07
o Security fixes:
- The "ClientDNSRejectInternalAddresses" config option wasn't being
consistently obeyed: if an exit relay refuses a stream because its
@ -6,26 +6,26 @@ Changes in version 0.2.1.7-alpha - 2008-11-xx
the relay said the destination address resolves to, even if it's
an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
- The "User" and "Group" config options did not clear the
supplementary group entries for the process. The "User" option
has been made more robust, and also now also sets the groups to
the specified user's primary group. The "Group" option is now
ignored. For more detailed logging on credential switching, set
CREDENTIAL_LOG_LEVEL in common/compat.c to LOG_NOTICE or higher;
patch by Jacob Appelbaum and Steven Murdoch.
supplementary group entries for the Tor process. The "User" option
is now more robust, and we now set the groups to the specified
user's primary group. The "Group" option is now ignored. For more
detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
and Steven Murdoch.
o Minor features:
- Now NodeFamily and MyFamily config options allow spaces in
identity fingerprints, so it's easier to paste them in.
Suggested by Lucky Green.
- Implement the 0x20 hack to better resist DNS poisoning: set the
case on outgoing DNS requests randomly, and reject responses that do
not match the case correctly. This logic can be disabled with the
ServerDNSRamdomizeCase setting, if you are using one of the 0.3%
of servers that do not reliably preserve case in replies. See
"Increased DNS Forgery Resistance through 0x20-Bit Encoding"
for more info.
- Preserve case in replies to DNSPort requests in order to support
the 0x20 hack for resisting DNS poisoning attacks.
- Implement the 0x20 hack to better resist DNS poisoning: set the
case on outgoing DNS requests randomly, and reject responses
that do not match the case correctly. This logic can be
disabled with the ServerDNSRamdomizeCase setting, if you are
using one of the 0.3% of servers that do not reliably preserve
case in replies. See "Increased DNS Forgery Resistance through
0x20-Bit Encoding" for more info.
o Hidden service performance improvements:
- When the client launches an introduction circuit, retry with a