mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
fold in changes files so far
This commit is contained in:
parent
9a88c0cd32
commit
58d1aa4402
77
ChangeLog
77
ChangeLog
@ -1,3 +1,80 @@
|
|||||||
|
Changes in version 0.2.3.9-alpha - 2011-1?-??
|
||||||
|
o Major features:
|
||||||
|
- When using OpenSSL 1.0.0 or later, use OpenSSL's counter mode
|
||||||
|
implementation. It makes AES_CTR about 7% faster than our old one
|
||||||
|
(which was about 10% faster than the one OpenSSL used to provide).
|
||||||
|
Resolves ticket 4526.
|
||||||
|
- Tor clients and bridges can now be easily configured to use a
|
||||||
|
separate 'transport' proxy. This approach helps to resist
|
||||||
|
censorship by allowing bridges to use protocol obfuscation
|
||||||
|
plugins. It implements the 'managed proxy' part of proposal
|
||||||
|
180. Implements ticket 3472.
|
||||||
|
- Block excess renegotiations even if they are RFC5746 compliant.
|
||||||
|
This security fix mitigates potential SSL Denial of Service attacks
|
||||||
|
that use SSL renegotiation as a way of forcing the server to perform
|
||||||
|
unneeded computationally expensive SSL handshakes. Implements
|
||||||
|
ticket 4312.
|
||||||
|
|
||||||
|
o Major bugfixes:
|
||||||
|
- Teach Tor how to notice excess renegotiation attempts before it
|
||||||
|
receives the first data SSL record. Fixes part of ticket 4312.
|
||||||
|
- Only use the EVP interface when AES acceleration is enabled,
|
||||||
|
to avoid a 5-7% performance regression. Resolves issue 4525;
|
||||||
|
bugfix on 0.2.3.8-alpha.
|
||||||
|
|
||||||
|
o Minor features:
|
||||||
|
- Experimental support for running on Windows with IOCP and no
|
||||||
|
kernel-space socket buffers. This feature is controlled by a new
|
||||||
|
UserspaceIOCPBuffers feature (off by default), which has no
|
||||||
|
effect unless Tor has been built with support for bufferevents,
|
||||||
|
is running on Windows, and has enabled IOCP. This may, in the
|
||||||
|
long run, help solve or mitigate bug 98.
|
||||||
|
- Try to make the introductory warning message that Tor prints on
|
||||||
|
startup more useful for actually finding help and information.
|
||||||
|
Resolves ticket 2474.
|
||||||
|
- Running "make version" now displays the version of Tor that
|
||||||
|
we're about to build. Idea from katmagic; resolves issue 4400.
|
||||||
|
- If set to 1, Tor will attempt to prevent basic debugging
|
||||||
|
attachment attempts by other processes. It has no impact for
|
||||||
|
users who wish to attach if they have CAP_SYS_PTRACE or if they
|
||||||
|
are root. We believe that this feature works on modern
|
||||||
|
Gnu/Linux distributions, and that it may also work on OSX and
|
||||||
|
some *BSD systems (untested). Some modern Gnu/Linux systems
|
||||||
|
such as Ubuntu have the kernel.yama.ptrace_scope sysctl and by
|
||||||
|
default enable it as an attempt to limit the PTRACE scope for
|
||||||
|
all user processes by default. This feature will attempt to
|
||||||
|
limit the PTRACE scope for Tor specifically - it will not
|
||||||
|
attempt to alter the system wide ptrace scope as it may not even
|
||||||
|
exist. If you wish to attach to Tor with a debugger such as gdb
|
||||||
|
or strace you will want to set this to 0 for the duration of
|
||||||
|
your debugging. Normal users should leave it on. (Default: 1)
|
||||||
|
|
||||||
|
o Minor bugfixes:
|
||||||
|
- Resolve an integer overflow bug in smartlist_ensure_capacity().
|
||||||
|
Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by
|
||||||
|
Mansour Moufid.
|
||||||
|
- Fix a compile warning in tor_inet_pton(). Bugfix on 0.2.3.8-alpha;
|
||||||
|
fixes bug 4554.
|
||||||
|
- Fix a minor formatting issue in one of tor-gencert's error messages.
|
||||||
|
Fixes bug 4574.
|
||||||
|
- Prevent a false positive from the check-spaces script, by disabling
|
||||||
|
the "whitespace between function name and (" check for functions
|
||||||
|
named 'op()'.
|
||||||
|
|
||||||
|
o Build fixes:
|
||||||
|
- Properly handle the case where the build-tree is not the same
|
||||||
|
as the source tree when generating src/common/common_sha1.i,
|
||||||
|
src/or/micro-revision.i, and src/or/or_sha1.i. Fixes bug 3953;
|
||||||
|
bugfix on 0.2.0.1-alpha.
|
||||||
|
|
||||||
|
o Code simplifications and refactorings:
|
||||||
|
- Remove the pure attribute from all functions that used it
|
||||||
|
previously. In many cases we assigned it incorrectly, because the
|
||||||
|
functions might assert or call impure functions, and we don't have
|
||||||
|
evidence that keeping the pure attribute is worthwhile. Implements
|
||||||
|
changes suggested in ticket 4421.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.3.8-alpha - 2011-11-22
|
Changes in version 0.2.3.8-alpha - 2011-11-22
|
||||||
Tor 0.2.3.8-alpha fixes some crash and assert bugs, including a
|
Tor 0.2.3.8-alpha fixes some crash and assert bugs, including a
|
||||||
socketpair-related bug that has been bothering Windows users. It adds
|
socketpair-related bug that has been bothering Windows users. It adds
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Experimental support for running on Windows with IOCP and no
|
|
||||||
kernel-space socket buffers. This feature is controlled by a new
|
|
||||||
UserspaceIOCPBuffers feature (off by default), which has no
|
|
||||||
effect unless Tor has been built with support for bufferevents,
|
|
||||||
is running on Windows, and has enabled IOCP. This may, in the
|
|
||||||
long run, help solve or mitigate bug 98.
|
|
@ -1,10 +0,0 @@
|
|||||||
o Major features (AES performance):
|
|
||||||
- When using OpenSSL 1.0.0 or later, use OpenSSL's counter mode
|
|
||||||
implementation; it makes AES_CTR about 7% faster than our old one
|
|
||||||
(which was about 10% faster than the one OpenSSL used to provide).
|
|
||||||
Resolves issue #4526.
|
|
||||||
|
|
||||||
o Major bugfixes (AES performance):
|
|
||||||
- Only use the EVP interface when AES acceleration is enabled,
|
|
||||||
to avoid a 5-7% performance regression. Resolves issue #4525,
|
|
||||||
bugfix on 0.2.3.8-alpha.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Minor features
|
|
||||||
- Try to make the introductory warning message that Tor prints on
|
|
||||||
startup more useful for actually finding help and information.
|
|
||||||
Resolves bug2474.
|
|
||||||
|
|
@ -1,7 +0,0 @@
|
|||||||
o Major features:
|
|
||||||
|
|
||||||
- Tor clients and bridges can now be easily configured to use a
|
|
||||||
separate 'transport' proxy. This approach helps to resist
|
|
||||||
censorship by allowing bridges to use protocol obfuscation
|
|
||||||
plugins. It implements the 'managed proxy' part of proposal
|
|
||||||
180. Implements ticket #3472.
|
|
@ -1,6 +0,0 @@
|
|||||||
o Build fixes:
|
|
||||||
- Properly handle the case where the build-tree is not the same
|
|
||||||
as the source tree when generating src/common/common_sha1.i,
|
|
||||||
src/or/micro-revision.i and src/or/or_sha1.i. Fixes bug 3953;
|
|
||||||
bugfix on 0.2.0.1-alpha.
|
|
||||||
|
|
@ -1,5 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Resolve an integer overflow bug in smartlist_ensure_capacity.
|
|
||||||
Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by
|
|
||||||
Mansour Moufid.
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
|||||||
o Security fixes:
|
|
||||||
|
|
||||||
- Block excess renegotiations even if they are RFC5746 compliant.
|
|
||||||
This mitigates potential SSL Denial of Service attacks that use
|
|
||||||
SSL renegotiation as a way of forcing the server to perform
|
|
||||||
unneeded computationally expensive SSL handshakes. Implements
|
|
||||||
#4312.
|
|
||||||
|
|
||||||
- Fix a bug where tor would not notice excess renegotiation
|
|
||||||
attempts before it received the first data SSL record. Fixes
|
|
||||||
part of #4312.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Fix a compile warning in tor_inet_pton(). Bugfix on 0.2.3.8-alpha;
|
|
||||||
fixes bug 4554.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Fix a minor formatting issue in one of tor-gencert's error messages.
|
|
||||||
Fixes bug 4574.
|
|
||||||
|
|
@ -1,5 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Prevent a false positive from the check-spaces script by disabling
|
|
||||||
the "whitespace between function name and (" check for functions
|
|
||||||
named 'op()'.
|
|
||||||
|
|
@ -1,16 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- If set to 1, Tor will attempt to prevent basic debugging
|
|
||||||
attachment attempts by other processes. It has no impact for
|
|
||||||
users who wish to attach if they have CAP_SYS_PTRACE or if they
|
|
||||||
are root. We believe that this feature works on modern
|
|
||||||
Gnu/Linux distributions, and that it may also work on OSX and
|
|
||||||
some *BSD systems (untested). Some modern Gnu/Linux systems
|
|
||||||
such as Ubuntu have the kernel.yama.ptrace_scope sysctl and by
|
|
||||||
default enable it as an attempt to limit the PTRACE scope for
|
|
||||||
all user processes by default. This feature will attempt to
|
|
||||||
limit the PTRACE scope for Tor specifically - it will not
|
|
||||||
attempt to alter the system wide ptrace scope as it may not even
|
|
||||||
exist. If you wish to attach to Tor with a debugger such as gdb
|
|
||||||
or strace you will want to set this to 0 for the duration of
|
|
||||||
your debugging. Normal users should leave it on. (Default: 1)
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features (build):
|
|
||||||
- Running "make version" now displays the version of Tor that
|
|
||||||
we're about to build. Idea from katmagic; resolves issue 4400.
|
|
||||||
|
|
@ -1,7 +0,0 @@
|
|||||||
o Code simplifications and refactorings:
|
|
||||||
- Remove the pure attribute from all functions that used it previously.
|
|
||||||
In many cases this we assigned it incorrectly, because the functions
|
|
||||||
might assert or call impure functions, and we don't have evidence
|
|
||||||
that keeping the pure attribute is worthwhile. Implements changes
|
|
||||||
suggested in ticket 4421.
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user