First draft of an 0.2.3.3-alpha changelog

ChangeLog

@@ -1,3 +1,138 @@
+Changes in version 0.2.3.3-alpha - 2011-0?-??
+  Tor 0.2.3.3-alpha adds a new major "stream isolation" feature to
+  improve Tor's security, and provides client-side support for several
+  the microdescriptor and optimistic data features introduced earlier in
+  the 0.2.3.x series.  Also, it has numerous critical bugfixes in the
+  (optional) bufferevent-based networking backend.
+
+  o Major features:
+    - You can now configure Tor so that streams from different
+      applications are isolated on different circuits, to prevent an
+      attacker who sees your streams leaving an exit node from linking
+      your sessions to one another. To do this, choose some way to
+      distinguish the applications: have them connect to different
+      SocksPorts, or have one of them use SOCKS4 while the other uses
+      SOCKS5, or have them pass different authentication strings to the
+      SOCKS proxy. Then, use the new SocksPort syntax to configure the
+      degree of isolation you need. This implements Proposal 171.
+    - The microdescriptor system is now on by default for clients. This
+      allows clients to download a much smaller amount of directory
+      information. To disable it, set "UseMicrodescriptors 0" in your
+      torrc file.
+    - Tor's firewall-helper feature, introduced in 0.2.3.1-alpha, now
+      supports Windows.
+    - When using an exit nodes running 0.2.3.x, clients can now
+      "optimistically" send data before the exit node reports that the
+      stream has opened. This saves a round trip when starting
+      connections where the client speaks first. This behavior is
+      controlled by a (currently disabled) consensus parameter. To turn
+      it on or off manually, use the "OptimisticData" torrc
+      option. Implements proposal 181; code by Ian Goldberg.
+
+  o Major bugfixes (bufferevents):
+    - When using IOCP on windows, we need to enable Libevent windows
+      threading support. Bugfix on 0.2.3.1-alpha.
+    - The IOCP backend now works even when the user has not specified
+      the (internal, debbuging-only) _UseFilteringSSLBufferevents option.
+      Fixes part of bug 3752; bugfix on 0.2.3.1-alpha.
+    - Correctly record the bytes we've read and written when using
+      bufferevents, so that we can include them in our bandwidth history
+      and advertised bandwidth. Fixes bug 3803; bugfix on 0.2.3.1-alpha.
+    - Apply rate-limiting only at the bottom of a chain of filtering
+      bufferevents. This prevents us from filling up internal read
+      buffers and violating rate-limits when filtering bufferevents
+      are enabled. Bugfix on 0.2.3.1-alpha; fixes part of bug 3804.
+    - Add high-watermarks to the output buffers for filtered
+      bufferevents. This prevents us from filling up internal write
+      buffers and wasting CPU cycles when filtering bufferevents are
+      enabled. Bugfix on 0.2.3.1-alpha; fixes part of bug 3804.
+    - Correctly notice when data has been written from a bufferevent
+      without flushing it completely. Bugfix on 0.2.3.1-alpha; fixes
+      bug 3805.
+    - Fix a bug where server-side tunneled bufferevent-based directory
+      streams would get closed prematurely. Fixes 3814, bugfix on
+      0.2.3.1-alpha.
+
+  o Major bugfixes (on 0.2.2.x and earlier): [stet]
+    - If we're configured to write our ControlPorts to disk, only write
+      them after switching UID and creating the data directory. This way,
+      we don't fail when starting up with a nonexistent DataDirectory
+      and a ControlPortWriteToFile setting based on that directory. Fixes
+      bug 3747; bugfix on Tor 0.2.2.26-beta.
+
+  o Minor features:
+    - There's a new syntax for specifying multiple client ports (such as
+      SOCKSPort, TransPort, DNSPort, NATDPort): you can now just declare
+      multiple *Port entries with full addr:port syntax on each.
+      The old *ListenAddress format is still supported, but you can't
+      mix it with the new *Port syntax.
+    - Added a new CONF_CHANGED event so that controllers can be notified
+      of any configuration changes made by other controllers, or by the
+      user.  Implements #1692.
+    - Use evbuffer_copyout() in inspect_evbuffer(). This fixes a memory
+      leak when using bufferevents, and lets Libevent worry about how to
+      best copy data out of a buffer.
+    - Replace files in stats/ rather than appending to them. Now that we
+      include statistics in extra-info descriptors, it makes no sense to
+      keep old statistics forever. Implements #2930.
+
+  o Minor features (build compatibility):
+    - Limited, experimental support for building with nmake and MSVC.
+    - Provide a substitute implementation of lround() for MSVC, which
+      apparently lacks it. Patch from Gisle Vanem.
+
+  o Minor features: [stet]
+    - Update to the August 2 2011 Maxmind GeoLite Country database.
+
+  o Minor bugfixes (on 0.2.3.x-alpha):
+    - Fix a spurious warning when parsing SOCKS requests with
+      bufferevents enabled. Fixes bug 3615; bugfix on 0.2.3.2-alpha.
+    - Get rid of a harmless warning that could happen on relays running
+      with bufferevents. The warning was caused by someone doing an http
+      request to a relay's orport. Also don't warn for a few related
+      non-errors. Fixes bug 3700; bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes (on 2.2.x and earlier):
+    - The "--quiet" and "--hush" options now apply not only to Tor's
+      behavior before logs are configured, but also to Tor's behavior in
+      the absense of configured logs. Fixes bug 3550; bugfix on
+      0.2.0.10-alpha.
+
+  o Minor bugfixes (on 2.2.x and earlier): [stet]
+    - Write several files in text mode, on OSes that distinguish text
+      mode from binary mode (namely, Windows). These files are:
+      'buffer-stats', 'dirreq-stats', and 'entry-stats' on relays
+      that collect those statistics; 'client_keys' and 'hostname' for
+      hidden services that use authentication; and (in the tor-gencert
+      utility) newly generated identity and signing keys. Previously,
+      we wouldn't specify text mode or binary mode, leading to an
+      assertion failure. Fixes bug 3607. Bugfix on 0.2.1.1-alpha (when
+      the DirRecordUsageByCountry option which would have triggered
+      the assertion failure was added), although this assertion failure
+      would have occurred in tor-gencert on Windows in 0.2.0.1-alpha.
+    - Selectively disable deprecation warnings on OS X because Lion
+      started deprecating the shipped copy of openssl. Fixes bug 3643.
+    - Remove an extra pair of quotation marks around the error
+      message in control-port STATUS_GENERAL BUG events. Bugfix on
+      0.1.2.6-alpha; fixes bug 3732.
+    - When unable to format an address as a string, report its value
+      as "???" rather than reusing the last formatted address. Bugfix
+      on 0.2.1.5-alpha.
+
+  o Code simplifications and refactoring:
+    - Rewrote the listener-selection logic so that parsing which ports
+      we want to listen on is now separate form binding to the ports
+      we want.
+
+  o Build changes:
+    - Building Tor with bufferevent support now requires Libevent
+      2.0.13-stable or later. Previous versions of Libevent had bugs in
+      SSL-related bufferevents and related issues that would make Tor
+      work badly with bufferevents. Requiring 2.0.13-stable also allows
+      Tor with bufferevents to take advantage of Libevent APIs
+      introduced after 2.0.8-rc.
+
+
 Changes in version 0.2.2.32 - 2011-08-27
   The Tor 0.2.2 release series is dedicated to the memory of Andreas
   Pfitzmann (1958-2010), a pioneer in anonymity and privacy research,

changes/bug1692

@@ -1,5 +0,0 @@
-  o Minor features:
-    - CONF_CHANGED event is provided so that controllers can be notified
-      of any configuration changes made by other controllers/SETCONF/HUP.
-      Implements #1692.
-

changes/bug2930

@@ -1,5 +0,0 @@
-  o Minor features:
-    - Replace files in stats/ rather than appending to them.  Now that we
-      include statistics in extra-info descriptors, it makes no sense to
-      keep old statistics forever.  Implements #2930.
-

changes/bug3550

@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - The "--quiet" and "--hush" options now apply not only to Tor's
-      behavior before user-configured logs are added, but also to
-      Tor's behavior in the absense of configured logs. Fixes bug
-      3550; bugfix on 0.2.0.10-alpha.

changes/bug3607

@@ -1,15 +0,0 @@
-  o Minor bugfixes:
-
-    - Write several files in text mode, on OSes that distinguish text
-      mode from binary mode (namely, Windows).  These files are:
-      buffer-stats, dirreq-stats, and entry-stats on relays that collect
-      those statistics; client_keys and hostname files for hidden
-      services that use authentication; and (in the tor-gencert utility)
-      newly generated identity and signing keys.  Previously, we
-      wouldn't specify text mode or binary mode, leading to an assertion
-      failure.  Fixes bug 3607.  Bugfix on 0.2.1.1-alpha (when the
-      DirRecordUsageByCountry option which would have triggered the
-      assertion failure was added), although this assertion failure
-      would have occurred in tor-gencert on Windows in 0.2.0.1-alpha.
-
-

changes/bug3615

@@ -1,3 +0,0 @@
-  o Minor bugfixes:
-    - Fix a spurious warning when parsing SOCKS requests with
-      bufferevents enabled. Fixes bug 3615; bugfix on 0.2.3.2-alpha.

changes/bug3643

@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Selectively disable deprecation warnings on OS X because Lion started
-      deprecating the shipped copy of openssl. Fixes bug 3643.
-

changes/bug3700

@@ -1,6 +0,0 @@
-  o Minor bugfixes:
-    - Get rid of a harmless warning that could happen on relays running
-      with bufferevents. The warning was caused by someone doing an http
-      request to a relay's orport. Also don't warn for a few related
-      non-errors. Fixes bug 3700; bugfix on 0.2.3.1-alpha.
-

changes/bug3732

@@ -1,7 +0,0 @@
-  o Major bugfixes:
-
-    - Remove an extra pair of quotation marks around the error
-      message in control-port STATUS_GENERAL BUG events.  Bugfix on
-      0.1.2.6-alpha; fixes bug 3732.
-
-

changes/bug3747

@@ -1,6 +0,0 @@
-  o Major bugfixes:
-    - Write control ports to disk only after switching UID and
-      creating the data directory. This way, we don't fail when
-      starting up with a nonexistant DataDirectory and a
-      ControlPortWriteToFile setting based on that directory. Fixes
-      bug 3747; bugfix on Tor 0.2.2.26-beta.

changes/bug3752

@@ -1,5 +0,0 @@
-  o Major bugfixes:
-    - The IOCP backend now works even when the user has not specified
-      the (internal, debbuging-only) _UseFilteringSSLBufferevents option.
-      Fixes part of bug 3752; bugfix on 0.2.3.1-alpha.
-

changes/bug3803

@@ -1,4 +0,0 @@
-  o Major bugfixes (bufferevents):
-    - Correctly record the bytes we've read and written when using
-      bufferevents, so that we can include them in our bandwidth history
-      and advertised bandwidth. Fixes bug 3803; bugfix on 0.2.3.1-alpha.

changes/bug3804

@@ -1,9 +0,0 @@
-  o Major bugfixes (bufferevents):
-    - Apply rate-limiting only at the bottom of a chain of filtering
-      bufferevents. This prevents us from filling up internal read
-      buffers and violating rate-limits when filtering bufferevents
-      are enabled. Bugfix on 0.2.3.1-alpha; fixes part of bug 3804.
-    - Add high-watermarks to the output buffers for filtered
-      bufferevents. This prevents us from filling up internal write
-      buffers and wasting CPU cycles when filtering bufferevents are
-      enabled.  Bugfix on 0.2.3.1-alpha; fixes part of bug 3804.

changes/bug3805

@@ -1,5 +0,0 @@
-  o Major bugfixes (bufferevents):
-    - Correctly notice when data has been written from a bufferevent
-      without flushing it completely. Bugfix on 0.2.3.1-alpha; fixes
-      bug 3805.
-

changes/bug3814

@@ -1,4 +0,0 @@
-  o Major bugfixes (bufferevents):
-    - Fix a bug where server-side tunneled bufferevent-based directory
-      streams would get closed prematurely. Fixes 3814, bugfix on
-      0.2.3.1-alpha.

changes/fmt_addr

@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - When unable to format an address as a string, report its value
-      as "???" rather than reusing the last formatted address. Bugfix
-      on 0.2.1.5-alpha.

changes/geoip-august2011

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update to the August 2 2011 Maxmind GeoLite Country database.
-

changes/le-win-threads

@@ -1,3 +0,0 @@
-  o Major bugfixes (IOCP):
-    - When using IOCP on windows, we need to enable Libevent windows threading
-      support. Bugfix on 0.2.3.1-alpha.

changes/microdescs_on

@@ -1,5 +0,0 @@
-  o Major features:
-    - The microdescriptor system is now on by default for clients. This
-      allows clients to use Tor while downloading a much smaller amount
-      of directory information. To disable it, set "UseMicrodescriptors 0"
-      in your torrc file.

changes/msvc_lround

@@ -1,4 +0,0 @@
-  o Build fixes:
-    - Provide a substitute implementation of lround() for MSVC, which
-      apparently lacks it.  Patch from Gisle Vanem.
-      

changes/nmake

@@ -1,3 +0,0 @@
-  o Minor features (build compatibility):
-    - Limited, experimental support for building with nmake and MSVC.
-

changes/optimistic-client

@@ -1,9 +0,0 @@
-  o Major features:
-    - When using an exit nodes running 0.2.3.1-alpha and later,
-      clients can now "optimistically" send data on a stream before
-      the exit node reports that the stream has opened. This can save
-      a round trip when starting connections with protocols where the
-      client speaks first. This behavior is controlled by a (currently
-      disabled) networkstatus consensus parameter. To turn it on or
-      off manually, use the "OptimisticData" torrc option.  Implements
-      proposal 181; code by Ian Goldberg.

changes/prop171

@@ -1,22 +0,0 @@
-  o Major features:
-    - You can now configure Tor so that streams from different
-      applications are isolated on different circuits, to prevent an
-      attacker who sees your streams leaving an exit node from linking
-      your sessions to one another.  To do this, choose some way to
-      distinguish the applications -- have them connect to different
-      SocksPorts, or have one of them use SOCKS4 while the other uses
-      SOCKS5, or have them pass different authentication strings to
-      the SOCKS proxy.  Then use the new SocksPort syntax to configure
-      the degree of isolation you need. This implements Proposal 171.
-
-  o Minor features:
-    - There's a new syntax for specifying multiple client ports (such as
-      SOCKSPort, TransPort, DNSPort, NATDPort): you can now just declare
-      multiple ...Port entries with full addr:port syntax on each.
-      The old ...ListenAddress format is still supported, but you can't
-      mix it with the new SOCKSPort syntax.
-
-  o Code simplifications and refactoring:
-    - Rewrote the listener-selection logic so that parsing which ports
-      we want to listen on is now separate form binding to the ports
-      we want.

changes/require-le-2.0.13

@@ -1,12 +0,0 @@
-  o Build changes:
-    - Building Tor with bufferevent support now requires Libevent
-      2.0.13-stable or later. Previous versions of Libevent had bugs
-      in SSL-related bufferevents and related issues that would make
-      Tor work badly with bufferevents. Requiring 2.0.13-stable also
-      means that Tor with bufferevents can take advantage of Libevent
-      APIs introduced after 2.0.8-rc.
-
-  o Minor bugfixes:
-    - Use evbuffer_copyout() in inspect_evbuffer(). This fixes a memory
-      leak, and lets Libevent worry about how to best copy data out
-      of a buffer.