reformat 0.2.7.1-alpha changelog

This commit is contained in:
Nick Mathewson 2015-04-30 15:30:20 -04:00
parent ef7ef4abb4
commit 411049d0d4

251
ChangeLog
View File

@ -1,67 +1,94 @@
Changes in version 0.2.7.1-alpha - 2015-05-??
Tor 0.2.7.1-alpha is the first alpha release in its series.
o New system requirements:
- Tor no longer includes workarounds for Libevent versions before
1.3e. Libevent 2.0 or later is recommended. Closes ticket 15248.
o Major features (controller):
- Add the ADD_ONION and DEL_ONION commands that allows the creation
and management of hidden services via the controller. Closes
ticket 6411.
- New "GETINFO onions/current" and "GETINFO onions/detached" to get
information about hidden services created via the controller.
Part of ticket 6411.
- New HSFETCH command to launch a request for a hidden service descriptor.
Closes ticket 14847.
information about hidden services created via the controller. Part
of ticket 6411.
- New HSFETCH command to launch a request for a hidden service
descriptor. Closes ticket 14847.
o Major bugfixes (hidden services):
- Revert commit that made directory authority assign the HSDir flag to
relay without a DirPort which is bad because relay can't handle
- Revert commit that made directory authority assign the HSDir flag
to relay without a DirPort which is bad because relay can't handle
BEGIN_DIR cells. Fixes bug 15850; bugfix on tor-0.2.6.3-alpha.
o Minor features (HS popularity countermeasure):
- To avoid leaking HS popularity, don't cycle the introduction point
when we've handled a fixed number of INTRODUCE2 cells but instead
cycle it when a random value of introductions is reached thus making
it more difficult for an attacker to find out the amount of clients
that has passed through the introduction point for a specific HS.
Closes ticket 15745.
o Minor features (clock-jump tolerance):
- Recover better when our clock jumps back many hours, like might
happen for Tails or Whonix users who start with a very wrong
hardware clock, use Tor to discover a more accurate time, and then
fix their clock. Resolves part of ticket 8766. [I'd call this a
major feature if it actually fixed all of the issues.]
o Minor features (command-line interface):
- Make --hash-password imply --hush to prevent unnecessary noise. Closes
ticket 15542.
- Make --hash-password imply --hush to prevent unnecessary noise.
Closes ticket 15542.
- Print a warning whenever we find a relative file path being used
as torrc option. Resolves issue 14018.
- The "--hash-password" option now implies "--hush" to avoid
needless noise. Closes ticket 15542. Patch from "cypherpunks".
o Minor features (controller)
- Controllers can now use GETINFO hs/client/desc/id/... to
retrieve items from the client's hidden service descriptor
cache. Closes ticket 14845.
o Minor features (controller):
- Controllers can now use GETINFO hs/client/desc/id/... to retrieve
items from the client's hidden service descriptor cache. Closes
ticket 14845.
o Minor features (controller):
- Add DirAuthority lines for default directory authorities to output
of the GETINFO config/defaults controller command if not already
present. Implements ticket 14840.
- Implement a new controller command "status/fresh-relay-descs" to
fetch a descriptor/extrainfo pair that was generated on demand
just for the controller's use. Implements ticket 14784.
o Minor features (DoS-resistance):
- Make it harder for attackers to overwhelm hidden services with
introductions, by blocking multiple introduction requests on the
same circuit. Resolves ticket 15515.
o Minor features (geoip):
- Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
- Update geoip6 to the April 8 2015 Maxmind GeoLite2
Country database.
o Minor features (HS popularity countermeasure):
- To avoid leaking HS popularity, don't cycle the introduction point
when we've handled a fixed number of INTRODUCE2 cells but instead
cycle it when a random value of introductions is reached thus
making it more difficult for an attacker to find out the amount of
clients that has passed through the introduction point for a
specific HS. Closes ticket 15745.
o Minor features (logging):
- Include the Tor version in all LD_BUG log messages, since people
tend to cut and paste those into the bugtracker. Implements
ticket 15026.
o Minor features (pluggable transports):
- When launching managed pluggable transports, setup a valid open stdin
in the child process that can be used to detect if tor has terminated.
The "TOR_PT_EXIT_ON_STDIN_CLOSE" enviornment variable can be used by
implementations to detect this new behavior. Resolves ticket 15435.
- When launching managed pluggable transports, setup a valid open
stdin in the child process that can be used to detect if tor has
terminated. The "TOR_PT_EXIT_ON_STDIN_CLOSE" enviornment variable
can be used by implementations to detect this new behavior.
Resolves ticket 15435.
- When launching managed pluggable transports on linux systems,
attempt to have the kernel deliver a SIGTERM on tor exit if
the pluggable transport process is still running. Resolves
attempt to have the kernel deliver a SIGTERM on tor exit if the
pluggable transport process is still running. Resolves
ticket 15471.
o Minor features (testing):
- Add make rule `check-changes` to verify the format of changes files.
Closes ticket 15180.
- Add unit tests for control_event_is_interesting().
Add a compile-time check that the number of events doesn't exceed
the capacity of control_event_t.event_mask.
Closes ticket 15431, checks for bugs similar to 13085.
Patch by "teor".
- Add make rule `check-changes` to verify the format of changes
files. Closes ticket 15180.
- Add unit tests for control_event_is_interesting(). Add a compile-
time check that the number of events doesn't exceed the capacity
of control_event_t.event_mask. Closes ticket 15431, checks for
bugs similar to 13085. Patch by "teor".
- Commandline argument tests moved to Stem. Resolves ticket 14806.
- Integrate the ntor, backtrace and zero lengths keys tests into the
automake test suite. Closes ticket 15344.
@ -73,60 +100,35 @@ Changes in version 0.2.7.1-alpha - 2015-05-??
- Add a test to verify that the compiler does not eliminate our
memwipe() implementation. Closes ticket 15377.
o Minor features (controller):
- Add DirAuthority lines for default directory authorities to output
of the GETINFO config/defaults controller command if not already
present. Implements ticket 14840.
- Implement a new controller command "status/fresh-relay-descs" to
fetch a descriptor/extrainfo pair that was generated on demand
just for the controller's use. Implements ticket 14784.
o Minor features (command-line interface):
- Print a warning whenever we find a relative
file path being used as torrc option. Resolves issue 14018.
- The "--hash-password" option now implies "--hush" to avoid needless
noise. Closes ticket 15542. Patch from "cypherpunks".
o Minor features (clock-jump tolerance):
- Recover better when our clock jumps back many hours, like might
happen for Tails or Whonix users who start with a very wrong
hardware clock, use Tor to discover a more accurate time, and then
fix their clock. Resolves part of ticket 8766.
[I'd call this a major feature if it actually fixed all of the issues.]
o Minor features (geoip):
- Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
- Update geoip6 to the April 8 2015 Maxmind GeoLite2 Country database.
o Minor bugfixes (statistics):
- Disregard the ConnDirectionStatistics torrc options when Tor is
not a relay since in that mode of operation no sensible data is
being collected and because Tor might run into measurement hiccups
when running as a client for some time, then becoming a relay. Fixes
bug 15604; bugfix on 0.2.2.35.
o Minor bugfixes (build):
- Improve out-of-tree builds by making non-standard rules work and clean up
additional files and directories. Fixes bug 15053; bugfix on
0.2.7.0-alpha.
- Improve out-of-tree builds by making non-standard rules work and
clean up additional files and directories. Fixes bug 15053; bugfix
on 0.2.7.0-alpha.
o Minor bugfixes (command-line interface):
- When "--quiet" is provided along with "--validate-config", do not
write anything to stdout on success. Fixes bug 14994; bugfix on
0.2.3.3-alpha.
write anything to stdout on success. Fixes bug 14994; bugfix
on 0.2.3.3-alpha.
- When complaining about bad arguments to "--dump-config", use
stderr, not stdout.
o Minor bugfixes (configuration, unit tests):
- Only add the default fallback directories when the DirAuthorities,
AlternateDirAuthority, and FallbackDir directory config options
are set to their defaults.
The default fallback directory list is currently empty, this fix
will only change tor's behaviour when it has default fallback
directories.
Includes unit tests for consider_adding_dir_servers().
Fixes bug 15642; bugfix on 90f6071d8dc0 in 0.2.4.7-alpha.
Patch by "teor".
are set to their defaults. The default fallback directory list is
currently empty, this fix will only change tor's behaviour when it
has default fallback directories. Includes unit tests for
consider_adding_dir_servers(). Fixes bug 15642; bugfix on
90f6071d8dc0 in 0.2.4.7-alpha. Patch by "teor".
o Minor bugfixes (correctness):
- Remove side-effects from tor_assert() calls. This was harmless,
because we never disable assertions, but it is bad style and
unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36,
and 0.2.0.10.
- For correctness, avoid modifying a constant string in
handle_control_postdescriptor. Fixes bug 15546; bugfix
on 0.1.1.16-rc.
o Minor bugfixes (hidden service):
- Remove an extraneous newline character from the end of hidden
@ -135,61 +137,55 @@ Changes in version 0.2.7.1-alpha - 2015-05-??
o Minor bugfixes (interface):
- Print usage information for --dump-config when it is used without
an argument. Also, fix the error message to use different wording
and add newline at the end. Fixes bug 15541; bugfix on 0.2.5.1-alpha.
and add newline at the end. Fixes bug 15541; bugfix
on 0.2.5.1-alpha.
o Minor bugfixes (logs):
- When building Tor under Clang, do not include an extra set of
parentheses in log messages that include function names.
Fixes bug 15269; bugfix on every released version of Tor when
compiled with recent enough Clang.
o Minor bugfixes (test networks)
- When self-testing reachability, use ExtendAllowPrivateAddresses
to determine if local/private addresses imply reachability.
The previous fix used TestingTorNetwork, which implies
ExtendAllowPrivateAddresses, but this excluded rare configs where
ExtendAllowPrivateAddresses is set but TestingTorNetwork is not.
Fixes bug 15771; bugfix on 0.2.6.1-alpha.
Patch by "teor", issue discovered by CJ Ess.
o Minor bugfixes (testing):
- Set the severity correctly when testing get_interface_addresses_ifaddrs()
and get_interface_addresses_win32(), so that the tests fail gracefully
instead of triggering an assertion. Fixes bug 15759; bugfix on
0.2.6.3-alpha. Reported by Nicolas Derive.
- Check for matching value in server response in ntor_ref.py.
Fixes bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed
by "joelanders".
o Minor bugfixes (correctness):
- Remove side-effects from tor_assert() calls. This was harmless,
because we never disable assertions, but it is bad style and
unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36, and
0.2.0.10.
- For correctness, avoid modifying a constant string in
handle_control_postdescriptor. Fixes bug 15546; bugfix on
0.1.1.16-rc.
parentheses in log messages that include function names. Fixes bug
15269; bugfix on every released version of Tor when compiled with
recent enough Clang.
o Minor bugfixes (network):
- When attempting to use fallback technique for network interface
lookup, disregard loopback and multicast addresses since they are
unsuitable for public communications.
o Minor bugfixes (statistics):
- Disregard the ConnDirectionStatistics torrc options when Tor is
not a relay since in that mode of operation no sensible data is
being collected and because Tor might run into measurement hiccups
when running as a client for some time, then becoming a relay.
Fixes bug 15604; bugfix on 0.2.2.35.
o Minor bugfixes (test networks):
- When self-testing reachability, use ExtendAllowPrivateAddresses to
determine if local/private addresses imply reachability. The
previous fix used TestingTorNetwork, which implies
ExtendAllowPrivateAddresses, but this excluded rare configs where
ExtendAllowPrivateAddresses is set but TestingTorNetwork is not.
Fixes bug 15771; bugfix on 0.2.6.1-alpha. Patch by "teor", issue
discovered by CJ Ess.
o Minor bugfixes (testing):
- Set the severity correctly when testing
get_interface_addresses_ifaddrs() and
get_interface_addresses_win32(), so that the tests fail gracefully
instead of triggering an assertion. Fixes bug 15759; bugfix on
0.2.6.3-alpha. Reported by Nicolas Derive.
- Check for matching value in server response in ntor_ref.py. Fixes
bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed
by "joelanders".
o Code simplification and refactoring:
- Move the hacky fallback code out of get_interface_address6()
into separate function and get it covered with unit-tests. Resolves
- Move the hacky fallback code out of get_interface_address6() into
separate function and get it covered with unit-tests. Resolves
ticket 14710.
- Refactor hidden service client-side cache lookup to intelligently
report its various failure cases, and disentangle failure cases
involving a lack of introduction points. Closes ticket 14391.
- Use our own Base64 encoder instead of OpenSSL's, to allow more control
over the output. Part of ticket 15652.
o Removed code:
- Remove `USE_OPENSSL_BASE64` and the corresponding fallback code and
always use the internal Base64 decoder. The internal decoder has been
part of tor since tor-0.2.0.10-alpha, and no one should be using the
OpenSSL one. Part of ticket 15652.
- Use our own Base64 encoder instead of OpenSSL's, to allow more
control over the output. Part of ticket 15652.
o Documentation:
- Improve the descriptions of statistics-related torrc options in
@ -201,22 +197,21 @@ Changes in version 0.2.7.1-alpha - 2015-05-??
Previously, we had used "router descriptor", "server descriptor",
and "relay descriptor" interchangeably. Part of ticket 14987.
o New system requirements:
- Tor no longer includes workarounds for Libevent versions before 1.3e.
Libevent 2.0 or later is recommended. Closes ticket 15248.
o Removed code:
- Remove `USE_OPENSSL_BASE64` and the corresponding fallback code
and always use the internal Base64 decoder. The internal decoder
has been part of tor since tor-0.2.0.10-alpha, and no one should
be using the OpenSSL one. Part of ticket 15652.
- Remove the 'tor_strclear()' function; use memwipe() instead.
Closes ticket 14922.
o Removed features:
- Remove the (seldom-used) DynamicDHGroups feature. For
anti-fingerprinting we now recommend pluggable transports; for
forward-secrecy in TLS, we now use the P-256 group.
Closes ticket 13736.
- Remove the (seldom-used) DynamicDHGroups feature. For anti-
fingerprinting we now recommend pluggable transports; for forward-
secrecy in TLS, we now use the P-256 group. Closes ticket 13736.
- Remove the undocumented "--digests" command-line option. It
complicated our build process, caused subtle build issues
on multiple platforms, and is now redundant since we started
complicated our build process, caused subtle build issues on
multiple platforms, and is now redundant since we started
including git version identifiers. Closes ticket 14742.
- Tor no longer contains workarounds for stat files generated by
super-old versions of Tor that didn't choose guards sensibly.