mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-23 20:03:31 +01:00
fold in changes files so far
This commit is contained in:
Roger Dingledine
parent
9a88c0cd32
commit
58d1aa4402
77
ChangeLog
77
ChangeLog
@ -1,3 +1,80 @@
|
||||
Changes in version 0.2.3.9-alpha - 2011-1?-??
|
||||
o Major features:
|
||||
- When using OpenSSL 1.0.0 or later, use OpenSSL's counter mode
|
||||
implementation. It makes AES_CTR about 7% faster than our old one
|
||||
(which was about 10% faster than the one OpenSSL used to provide).
|
||||
Resolves ticket 4526.
|
||||
- Tor clients and bridges can now be easily configured to use a
|
||||
separate 'transport' proxy. This approach helps to resist
|
||||
censorship by allowing bridges to use protocol obfuscation
|
||||
plugins. It implements the 'managed proxy' part of proposal
|
||||
180. Implements ticket 3472.
|
||||
- Block excess renegotiations even if they are RFC5746 compliant.
|
||||
This security fix mitigates potential SSL Denial of Service attacks
|
||||
that use SSL renegotiation as a way of forcing the server to perform
|
||||
unneeded computationally expensive SSL handshakes. Implements
|
||||
ticket 4312.
|
||||
|
||||
o Major bugfixes:
|
||||
- Teach Tor how to notice excess renegotiation attempts before it
|
||||
receives the first data SSL record. Fixes part of ticket 4312.
|
||||
- Only use the EVP interface when AES acceleration is enabled,
|
||||
to avoid a 5-7% performance regression. Resolves issue 4525;
|
||||
bugfix on 0.2.3.8-alpha.
|
||||
|
||||
o Minor features:
|
||||
- Experimental support for running on Windows with IOCP and no
|
||||
kernel-space socket buffers. This feature is controlled by a new
|
||||
UserspaceIOCPBuffers feature (off by default), which has no
|
||||
effect unless Tor has been built with support for bufferevents,
|
||||
is running on Windows, and has enabled IOCP. This may, in the
|
||||
long run, help solve or mitigate bug 98.
|
||||
- Try to make the introductory warning message that Tor prints on
|
||||
startup more useful for actually finding help and information.
|
||||
Resolves ticket 2474.
|
||||
- Running "make version" now displays the version of Tor that
|
||||
we're about to build. Idea from katmagic; resolves issue 4400.
|
||||
- If set to 1, Tor will attempt to prevent basic debugging
|
||||
attachment attempts by other processes. It has no impact for
|
||||
users who wish to attach if they have CAP_SYS_PTRACE or if they
|
||||
are root. We believe that this feature works on modern
|
||||
Gnu/Linux distributions, and that it may also work on OSX and
|
||||
some *BSD systems (untested). Some modern Gnu/Linux systems
|
||||
such as Ubuntu have the kernel.yama.ptrace_scope sysctl and by
|
||||
default enable it as an attempt to limit the PTRACE scope for
|
||||
all user processes by default. This feature will attempt to
|
||||
limit the PTRACE scope for Tor specifically - it will not
|
||||
attempt to alter the system wide ptrace scope as it may not even
|
||||
exist. If you wish to attach to Tor with a debugger such as gdb
|
||||
or strace you will want to set this to 0 for the duration of
|
||||
your debugging. Normal users should leave it on. (Default: 1)
|
||||
|
||||
o Minor bugfixes:
|
||||
- Resolve an integer overflow bug in smartlist_ensure_capacity().
|
||||
Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by
|
||||
Mansour Moufid.
|
||||
- Fix a compile warning in tor_inet_pton(). Bugfix on 0.2.3.8-alpha;
|
||||
fixes bug 4554.
|
||||
- Fix a minor formatting issue in one of tor-gencert's error messages.
|
||||
Fixes bug 4574.
|
||||
- Prevent a false positive from the check-spaces script, by disabling
|
||||
the "whitespace between function name and (" check for functions
|
||||
named 'op()'.
|
||||
|
||||
o Build fixes:
|
||||
- Properly handle the case where the build-tree is not the same
|
||||
as the source tree when generating src/common/common_sha1.i,
|
||||
src/or/micro-revision.i, and src/or/or_sha1.i. Fixes bug 3953;
|
||||
bugfix on 0.2.0.1-alpha.
|
||||
|
||||
o Code simplifications and refactorings:
|
||||
- Remove the pure attribute from all functions that used it
|
||||
previously. In many cases we assigned it incorrectly, because the
|
||||
functions might assert or call impure functions, and we don't have
|
||||
evidence that keeping the pure attribute is worthwhile. Implements
|
||||
changes suggested in ticket 4421.
|
||||
|
||||
|
||||
Changes in version 0.2.3.8-alpha - 2011-11-22
|
||||
Tor 0.2.3.8-alpha fixes some crash and assert bugs, including a
|
||||
socketpair-related bug that has been bothering Windows users. It adds
|
||||
|
||||
@ -1,7 +0,0 @@
|
||||
o Minor features:
|
||||
- Experimental support for running on Windows with IOCP and no
|
||||
kernel-space socket buffers. This feature is controlled by a new
|
||||
UserspaceIOCPBuffers feature (off by default), which has no
|
||||
effect unless Tor has been built with support for bufferevents,
|
||||
is running on Windows, and has enabled IOCP. This may, in the
|
||||
long run, help solve or mitigate bug 98.
|
||||
@ -1,10 +0,0 @@
|
||||
o Major features (AES performance):
|
||||
- When using OpenSSL 1.0.0 or later, use OpenSSL's counter mode
|
||||
implementation; it makes AES_CTR about 7% faster than our old one
|
||||
(which was about 10% faster than the one OpenSSL used to provide).
|
||||
Resolves issue #4526.
|
||||
|
||||
o Major bugfixes (AES performance):
|
||||
- Only use the EVP interface when AES acceleration is enabled,
|
||||
to avoid a 5-7% performance regression. Resolves issue #4525,
|
||||
bugfix on 0.2.3.8-alpha.
|
||||
@ -1,5 +0,0 @@
|
||||
o Minor features
|
||||
- Try to make the introductory warning message that Tor prints on
|
||||
startup more useful for actually finding help and information.
|
||||
Resolves bug2474.
|
||||
|
||||
@ -1,7 +0,0 @@
|
||||
o Major features:
|
||||
|
||||
- Tor clients and bridges can now be easily configured to use a
|
||||
separate 'transport' proxy. This approach helps to resist
|
||||
censorship by allowing bridges to use protocol obfuscation
|
||||
plugins. It implements the 'managed proxy' part of proposal
|
||||
180. Implements ticket #3472.
|
||||
@ -1,6 +0,0 @@
|
||||
o Build fixes:
|
||||
- Properly handle the case where the build-tree is not the same
|
||||
as the source tree when generating src/common/common_sha1.i,
|
||||
src/or/micro-revision.i and src/or/or_sha1.i. Fixes bug 3953;
|
||||
bugfix on 0.2.0.1-alpha.
|
||||
|
||||
@ -1,5 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Resolve an integer overflow bug in smartlist_ensure_capacity.
|
||||
Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by
|
||||
Mansour Moufid.
|
||||
|
||||
@ -1,11 +0,0 @@
|
||||
o Security fixes:
|
||||
|
||||
- Block excess renegotiations even if they are RFC5746 compliant.
|
||||
This mitigates potential SSL Denial of Service attacks that use
|
||||
SSL renegotiation as a way of forcing the server to perform
|
||||
unneeded computationally expensive SSL handshakes. Implements
|
||||
#4312.
|
||||
|
||||
- Fix a bug where tor would not notice excess renegotiation
|
||||
attempts before it received the first data SSL record. Fixes
|
||||
part of #4312.
|
||||
@ -1,4 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Fix a compile warning in tor_inet_pton(). Bugfix on 0.2.3.8-alpha;
|
||||
fixes bug 4554.
|
||||
|
||||
@ -1,4 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Fix a minor formatting issue in one of tor-gencert's error messages.
|
||||
Fixes bug 4574.
|
||||
|
||||
@ -1,5 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Prevent a false positive from the check-spaces script by disabling
|
||||
the "whitespace between function name and (" check for functions
|
||||
named 'op()'.
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
o Minor features:
|
||||
- If set to 1, Tor will attempt to prevent basic debugging
|
||||
attachment attempts by other processes. It has no impact for
|
||||
users who wish to attach if they have CAP_SYS_PTRACE or if they
|
||||
are root. We believe that this feature works on modern
|
||||
Gnu/Linux distributions, and that it may also work on OSX and
|
||||
some *BSD systems (untested). Some modern Gnu/Linux systems
|
||||
such as Ubuntu have the kernel.yama.ptrace_scope sysctl and by
|
||||
default enable it as an attempt to limit the PTRACE scope for
|
||||
all user processes by default. This feature will attempt to
|
||||
limit the PTRACE scope for Tor specifically - it will not
|
||||
attempt to alter the system wide ptrace scope as it may not even
|
||||
exist. If you wish to attach to Tor with a debugger such as gdb
|
||||
or strace you will want to set this to 0 for the duration of
|
||||
your debugging. Normal users should leave it on. (Default: 1)
|
||||
|
||||
@ -1,4 +0,0 @@
|
||||
o Minor features (build):
|
||||
- Running "make version" now displays the version of Tor that
|
||||
we're about to build. Idea from katmagic; resolves issue 4400.
|
||||
|
||||
@ -1,7 +0,0 @@
|
||||
o Code simplifications and refactorings:
|
||||
- Remove the pure attribute from all functions that used it previously.
|
||||
In many cases this we assigned it incorrectly, because the functions
|
||||
might assert or call impure functions, and we don't have evidence
|
||||
that keeping the pure attribute is worthwhile. Implements changes
|
||||
suggested in ticket 4421.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user