Reformat the changelog

This commit is contained in:
Nick Mathewson 2015-09-24 10:57:22 -04:00
parent 8cf756da63
commit 4ee4fe56ee

194
ChangeLog
View File

@ -1,58 +1,58 @@
Changes in version 0.2.7.3-rc - 2015-09-2?
Tor 0.2.7.3-rc is the first release candidate in the 0.2.7 series. It
Tor 0.2.7.3-rc is the first release candidate in the 0.2.7 series. It
contains numerous usability fixes for Ed25519 keys, safeguards against
several misconfiguration problems, significant simplifications to Tor's
callgraph, and numerous bugfixes and small
features.
several misconfiguration problems, significant simplifications to
Tor's callgraph, and numerous bugfixes and small features.
This is the most tested release of Tor to date. The unit tests cover
39.40% of the code, and the integration tests (accessible with "make
test-full-online", requiring stem and chutney and a network connection)
raise the coverage to XXX.
test-full-online", requiring stem and chutney and a network
connection) raise the coverage to XXX.
If this is your first time upgrading a relay to Tor 0.2.7, your Tor
relay will, by default, generate a new Ed25519 identity key. If you
relay will, by default, generate a new Ed25519 identity key. If you
would prefer to keep your Ed25519 identity key offline or encrypted
for improved security, you can do so by following the instructions at
XXX.
for improved security, you can do so by following the instructions
at XXX.
o Major features (security, hidden services):
- Hidden services are required to use more than one EntryNode,
to avoid a guard discovery attack. See ticket for more
information. Fixes ticket 14917.
o Major features (relay, Ed25519):
- Significant usability improvements for Ed25519
key management. Log messages are better, and the code can recover
from far more failure conditions. Thanks to "s7r" for reporting
and diagnosing so many of these!
- On receiving a HUP signal, check to see whether the Ed25519
signing key has changed, and reload it if so. Closes ticket 16790.
- Hidden services are required to use more than one EntryNode, to
avoid a guard discovery attack. See ticket for more information.
Fixes ticket 14917.
o Major features (ed25519 performance):
- Improve the speed of Ed25519 operations and Curve25519
keypair generation when built targeting 32 bit x86 platforms with
SSE2 available. Implements ticket 16535.
- Improve the speed of Ed25519 operations and Curve25519 keypair
generation when built targeting 32 bit x86 platforms with SSE2
available. Implements ticket 16535.
- Improve the runtime speed of Ed25519 signature verification by
using Ed25519-donna's batch verification support. Implements ticket 16533.
using Ed25519-donna's batch verification support. Implements
ticket 16533.
o Major features (performance testing):
- The test-network.sh script now supports performance testing.
Requires corresponding chutney performance testing changes.
Patch by "teor". Closes ticket 14175.
Requires corresponding chutney performance testing changes. Patch
by "teor". Closes ticket 14175.
o Major features (relay, Ed25519):
- Significant usability improvements for Ed25519 key management. Log
messages are better, and the code can recover from far more
failure conditions. Thanks to "s7r" for reporting and diagnosing
so many of these!
- On receiving a HUP signal, check to see whether the Ed25519
signing key has changed, and reload it if so. Closes ticket 16790.
o Major bugfixes (relay, Ed25519):
- Avoid crashing on 'tor --keygen'. Fixes bug 16679; bugfix on
0.2.7.2-alpha. Reported by "s7r".
- Improve handling of expired signing keys with offline master
keys. Fixes bug 16685; bugfix on 0.2.7.2-alpha. Reported by "s7r".
- Improve handling of expired signing keys with offline master keys.
Fixes bug 16685; bugfix on 0.2.7.2-alpha. Reported by "s7r".
o Minor features (client-side privacy):
- New KeyAliveSOCKSAuth option to indefinitely extend circuit lifespan
when IsolateSOCKSAuth and streams with SOCKS authentication are attached
to the circuit. This allows applications like TorBrowser to
manage circuit lifetime on their own. Implements feature 15482.
- New KeyAliveSOCKSAuth option to indefinitely extend circuit
lifespan when IsolateSOCKSAuth and streams with SOCKS
authentication are attached to the circuit. This allows
applications like TorBrowser to manage circuit lifetime on their
own. Implements feature 15482.
- When logging malformed hostnames from SOCKS5 requests, respect
SafeLogging configuration. Fixes bug 16891; bugfix on 0.1.1.16-rc.
@ -73,79 +73,39 @@ Changes in version 0.2.7.3-rc - 2015-09-2?
option HiddenServiceStatistics to "1" by default. Closes
ticket 15254.
- Client now uses an introduction point failure cache to know when
to fetch or keep a descriptor in their cache. Previously,
failures were recorded implicitly, but not explicitly remembered.
Closes ticket 16389.
to fetch or keep a descriptor in their cache. Previously, failures
were recorded implicitly, but not explicitly remembered. Closes
ticket 16389.
o Minor features (testing, authorities, documentation):
- New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags to
explicitly manage consensus flags in t3esting networks.
Patch by "robgjansen", modified by "teor". Implements part of
ticket 14882.
explicitly manage consensus flags in t3esting networks. Patch by
"robgjansen", modified by "teor". Implements part of ticket 14882.
o Minor bugfixes (security, exit policies):
- ExitPolicyRejectPrivate now also rejects
the relay's published IPv6 address (if any), and any publicly
routable IPv4 or IPv6 addresses on any local interfacesn.
ticket 17027. Patch by "teor". Fixes bug 17027; bugfix on 0.2.0.11-alpha.
o Minor bugfixes (portability):
- Try harder to normalize the exit status of the Tor process to the
standard-provided range. Fixes bug 16975; bugfix on every version
of Tor ever.
- Check correctly for windows socket errors in the workqueue
backend. Fixes bug 16741; bugfix on 0.2.6.3-alpha.
- Fix the behavior of crypto_rand_time_range() when told to consider times
before 1970. (These times were possible when running in a
simulated network environment where time()'s output starts at
zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha.
o Minor bugfixes (documentation):
- Fix the usage message of tor-resolve(1) so that it no longer lists
the removed -F option. Fixes bug 16913; bugfix on
0.2.2.28-beta.
- Fix an error in the manual page and comments for
TestingDirAuthVoteHSDir[IsStrict], which suggested that a HSDir
required "ORPort connectivity". While this is true, it is in no
way unique to the HSDir flag. Of all the flags, only HSDirs need a
DirPort configured in order for the authorities to assign that
particular flag. Patch by "teor". Fixed as part of 14882; bugfix on 0.2.6.3-alpha.
o Minor bugfixes (relay):
- Ensure that worker threads actually exit when a fatal error or
shutdown is indicated. This fix doesn't currently affect the behaviour
of Tor, because Tor workers never indicates fatal error or shutdown except
in the unit tests. Fixes bug 16868; bugfix on 0.2.6.3-alpha.
o Minor bugfixes (correctness):
- When calling channel_free_list(), avoid calling smartlist_remove()
while inside a FOREACH loop. This partially reverts commit
17356fe7fd96af where the correct SMARTLIST_DEL_CURRENT was
incorrectly removed. Fixes bug 16924; bugfix on 0.2.4.4-alpha.
- ExitPolicyRejectPrivate now also rejects the relay's published
IPv6 address (if any), and any publicly routable IPv4 or IPv6
addresses on any local interfacesn. ticket 17027. Patch by "teor".
Fixes bug 17027; bugfix on 0.2.0.11-alpha.
o Minor bug fixes (torrc exit policies):
- In torrc, "accept6 *" and "reject6 *" ExitPolicy lines now
only produce IPv6 wildcard addresses.
Previously they would produce both IPv4 and IPv6
wildcard addresses. Patch by "teor". Fixes part of bug 16069; bugfix on 0.2.4.7-alpha.
- When parsing torrc ExitPolicies, we now warn for a number of
cases where the user's intent is likely to differ from Tor's
actual behavior. These include: using an IPv4 address
with an accept6 or reject6 line; using "private" on an accept6
or reject6 line; and including any ExitPolicy lines after
accept *:* or reject *:*. Related to ticket 16069.
- In torrc, "accept6 *" and "reject6 *" ExitPolicy lines now only
produce IPv6 wildcard addresses. Previously they would produce
both IPv4 and IPv6 wildcard addresses. Patch by "teor". Fixes part
of bug 16069; bugfix on 0.2.4.7-alpha.
- When parsing torrc ExitPolicies, we now warn for a number of cases
where the user's intent is likely to differ from Tor's actual
behavior. These include: using an IPv4 address with an accept6 or
reject6 line; using "private" on an accept6 or reject6 line; and
including any ExitPolicy lines after accept *:* or reject *:*.
Related to ticket 16069.
- When parsing torrc ExitPolicies, we now issue an info-level
message: when expanding an "accept/reject *" line to include both
IPv4 and IPv6 wildcard addresses. Related to ticket 16069.
- In each instance above, usage advice is provided to avoid the message.
Resolves ticket 16069. Patch by "teor". Fixes part of bug
- In each instance above, usage advice is provided to avoid the
message. Resolves ticket 16069. Patch by "teor". Fixes part of bug
16069; bugfix on 0.2.4.7-alpha.
o Minor bugfixes (open file limit):
- Fix set_max_file_descriptors() to set by default the max open file
limit to the current limit when setrlimit() fails. Fixes bug 16274; bugfix on tor-
0.2.0.10-alpha. Patch by dgoulet.
o Minor bugfixes (authority):
- Don't assign "HSDir" to a router if it isn't Valid and Running.
Fixes bug 16524; bugfix on 0.2.7.2-alpha.
@ -157,8 +117,26 @@ Changes in version 0.2.7.3-rc - 2015-09-2?
bug 16286; bugfix on 0.2.7.2-alpha.
o Minor bugfixes (control port):
- Repair a warning and a spurious result when getting the maximum number of file descriptors
from the controller. Fixes bug 16697; bugfix on 0.2.7.2-alpha.
- Repair a warning and a spurious result when getting the maximum
number of file descriptors from the controller. Fixes bug 16697;
bugfix on 0.2.7.2-alpha.
o Minor bugfixes (correctness):
- When calling channel_free_list(), avoid calling smartlist_remove()
while inside a FOREACH loop. This partially reverts commit
17356fe7fd96af where the correct SMARTLIST_DEL_CURRENT was
incorrectly removed. Fixes bug 16924; bugfix on 0.2.4.4-alpha.
o Minor bugfixes (documentation):
- Fix the usage message of tor-resolve(1) so that it no longer lists
the removed -F option. Fixes bug 16913; bugfix on 0.2.2.28-beta.
- Fix an error in the manual page and comments for
TestingDirAuthVoteHSDir[IsStrict], which suggested that a HSDir
required "ORPort connectivity". While this is true, it is in no
way unique to the HSDir flag. Of all the flags, only HSDirs need a
DirPort configured in order for the authorities to assign that
particular flag. Patch by "teor". Fixed as part of 14882; bugfix
on 0.2.6.3-alpha.
o Minor bugfixes (Ed25519):
- Fix a memory leak when reading router descriptors with expired
@ -170,13 +148,33 @@ Changes in version 0.2.7.3-rc - 2015-09-2?
- Allow routers with ed25519 keys to run correctly under the
seccomp2 sandbox. Fixes bug 16965; bugfix on 0.2.7.2-alpha.
o Minor bugfixes (open file limit):
- Fix set_max_file_descriptors() to set by default the max open file
limit to the current limit when setrlimit() fails. Fixes bug
16274; bugfix on tor- 0.2.0.10-alpha. Patch by dgoulet.
o Minor bugfixes (portability):
- Try harder to normalize the exit status of the Tor process to the
standard-provided range. Fixes bug 16975; bugfix on every version
of Tor ever.
- Check correctly for windows socket errors in the workqueue
backend. Fixes bug 16741; bugfix on 0.2.6.3-alpha.
- Fix the behavior of crypto_rand_time_range() when told to consider
times before 1970. (These times were possible when running in a
simulated network environment where time()'s output starts at
zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha.
- Restore correct operation of TLS client-cipher detection on
OpenSSL 1.1. Fixes bug 14047; bugfix on 0.2.7.2-alpha.
o Minor bugfixes (relay):
- Unblock threads before releasing the work queue mutex to ensure predictable
scheduling behavior. Fixes bug 16644; bugfix on 0.2.6.3-alpha.
- Ensure that worker threads actually exit when a fatal error or
shutdown is indicated. This fix doesn't currently affect the
behaviour of Tor, because Tor workers never indicates fatal error
or shutdown except in the unit tests. Fixes bug 16868; bugfix
on 0.2.6.3-alpha.
- Unblock threads before releasing the work queue mutex to ensure
predictable scheduling behavior. Fixes bug 16644; bugfix
on 0.2.6.3-alpha.
o Code simplification and refactoring:
- Change the function that's called when we need to retry all