From 767a3280fb65256f33a466b02eaeb28005e2dd5e Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 24 Apr 2014 14:24:13 -0400 Subject: [PATCH] Try to sort the changelog a little more --- ChangeLog | 165 +++++++++++++++++++++++++++--------------------------- 1 file changed, 83 insertions(+), 82 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7ad8373e25..4182330105 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,18 +2,15 @@ Changes in version 0.2.5.4-alpha - 2014-04-?? This release includes several security and performance improvements for clients and relays, including XXX + This release marks end-of-line for Tor 0.2.2.x; those Tor versions have + accumulated many known flaws; everyone should upgrade. + o Major features (security): - Block authority signing keys that were used on an authorities vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160). (We don't have any evidence that these keys _were_ compromised; we're doing this to be prudent.) Resolves ticket 11464. - o Deprecated versions: - - Tor 0.2.2.x has reached end-of-life; it has received no patches or - attention for some while. Directory authorities no longer accept - descriptors from Tor relays running any version of Tor prior to - Tor 0.2.3.16-alpha. Resolves ticket 11149. - o Major features (relay performance): - Faster server-side lookups of rendezvous and introduction point circuits by using hashtables instead of linear searches over all 
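Review bot: the new summary line added to the intro says "end-of-line for Tor 0.2.2.x", while the "Deprecated versions" entry this hunk removes (and re-adds further down) says "end-of-life"; use "end-of-life" in both places so the summary and the detailed entry agree. The same intro paragraph still carries the "XXX" placeholder and the "2014-04-??" date, which need filling before this changelog is published. Since the summary now only states that 0.2.2.x is unsupported, consider also mentioning the operator-visible consequence recorded in the moved entry, that directory authorities reject descriptors from relays older than 0.2.3.16-alpha, so relay operators reading only the top of the entry see the change.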
@@ -56,6 +53,11 @@ Changes in version 0.2.5.4-alpha - 2014-04-?? list is now well-considered, whereas the client list has been chosen mainly for anti-fingerprinting purposes.) Resolves ticket 11528. + - Update the list of TLS cipehrsuites that a client advertises to + match those advertised by Firefox 28. This enables selection of + (fast) GCM ciphersuites, disables some strange old ciphers, and + disables the ECDH (not to be confused with ECDHE) ciphersuites. + Resolves ticket 11438. o Major bugfixes (undefined behavior): - Fix two instances of possible undefined behavior in channeltls.c 
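Review bot: the relocated ciphersuite entry still carries the typo "cipehrsuites"; since these lines are being rewritten anyway, fix it to "ciphersuites". The entry is being promoted out of "Minor features (performance, compatibility)" into the major-features area, but the text only says it "disables the ECDH (not to be confused with ECDHE) ciphersuites" without saying why that matters; if the move is meant to classify this as a security change, add the reason (the non-ephemeral ECDH suites do not provide forward secrecy), otherwise a reader cannot tell what the security benefit is.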
@@ -72,11 +74,79 @@ Changes in version 0.2.5.4-alpha - 2014-04-?? some miscellaneous errors in our tests and codebase. Fix for bug 11232. Bugfixes on versions back as far as 0.2.1.11-alpha. + o Minor features (Transparent proxy, *BSD): + - Support the ipfw firewall interface for transparent proxy support + on FreeBSD. To enable it, set "TransProxyType ipfw" in your torrc. + Resolves ticket 10267; patch from "yurivict". + - Support OpenBSD's divert-to rules with the pf firewall, when + "TransProxyType pf-divert" is specified. This allows Tor to run a + TransPort transparent proxy port on OpenBSD 4.4 or later without + root privileges. See the pf.conf(5) manual page for information on + configuring pf to use divert-to rules. Closes ticket 10896; patch + from Dana Koch. + + o Minor features (security): + - New --enable-expensive-hardening option to turn on security + hardening options that consume nontrivial amounts of CPU and + memory. Right now, this includes AddressSanitizer and UbSan. + Closes ticket 11477. + - If you don't specify MaxMemInQueues yourself, Tor now tries to + pick a good value based on your total system memory. Previously, + the default was always 8 GB. You can still override the default by + setting MaxMemInQueues yourself. Resolves ticket 11396. + + o Minor features (log verbosity): + - Demote the message that we give when a flushing connection times + out for too long from NOTICE to INFO. It was usually meaningless. + Resolves ticket 5286. + - Don't log so many notice-level bootstrapping messages at startup + about downloading descriptors. Previously, we'd log a notice + whenever we learned about more routers. Now, we only log a notice + at every 5% of progress. Fixes bug 9963. + + o Minor features (relay): + - If a circuit timed out for at least 3 minutes check if we have a + new external IP address the next time we run our routine checks. + If our IP address has changed, then publish a new descriptor with + the new IP address. 
Resolves ticket 2454. + - Warn less verbosely when receiving a misformed + ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279. + - When we run out of usable circuit IDs on a channel, log only one + warning for the whole channel, and include a description of how + many circuits there were on the channel. Fix for part of ticket + #11553. + + o Minor features (controller): + - Make the entire exit policy available from the control port via + GETINFO exit-policy/*. Implements enhancement #7952. Patch from + "rl1987". + - Because of the fix for ticket 11396, the real limit for memory + usage may no longer match the configured MaxMemInQueues value. The + real limit is now exposed via GETINFO limits/max-mem-in-queues. + + o Minor features (misc): + - Always check return values for unlink, munmap, UnmapViewOfFile; + check strftime return values more often. In some cases all we can + do is report a warning, but this may help prevent deeper bugs from + going unnoticed. Closes ticket 8787. + + o Minor features (bridge client): + - Report a failure to connect to a bridge because its transport type + has no configured pluggable transport as a new type of bootstrap + failure. Resolves ticket 9665. Patch from Fábio J. Bertinatto. + + o Minor features (diagnostic): + - Try harder to diagnose a possible cause of bug 7164, which causes + intermittent "microdesc_free() called but md was still referenced" + warnings. We now log more information about the likely error case, + to try to figure out why we might be cleaning a microdescriptor as + old if it's still referenced by a live node. + o Minor bugfixes (logging): - Log only one message when we start logging in an unsafe way. Previously, we would log as many messages as we had problems. Fix for #9870; bugfix on 0.2.5.1-alpha. - - Using the Linux syscall sandbox no longer prevents stack-trace + - Using the Linux seccomp2 sandbox no longer prevents stack-trace logging on crashes or errors. Fixes part 11465; bugfix on 0.2.5.1-alpha. 
- Only report the first fatal boostrap error on a given OR 
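Review bot: in the logging bugfix, "Fixes part 11465" is missing a word and should read "Fixes part of bug 11465", matching the "Fix for part of ticket #11553" wording used in the relay section of this same hunk. Two more typos in lines this hunk moves or touches: "misformed ESTABLISH_RENDEZVOUS cell" should be "malformed", and the trailing context line "first fatal boostrap error" should be "bootstrap". The relay entry also needs a comma after the conditional clause ("If a circuit timed out for at least 3 minutes, check if ..."). Ticket references are inconsistent within the hunk ("ticket 2454", "ticket #11553", "enhancement #7952", "Fixes bug 9963"); pick one form, the unprefixed "ticket NNNN"/"bug NNNN" used by most entries, while the text is being reshuffled.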
@@ -169,86 +239,11 @@ Changes in version 0.2.5.4-alpha - 2014-04-?? - Stop leaking memory when we successfully resolve a PTR record. Fixes bug 11437; bugfix on 0.2.4.7-alpha. - o Minor features (Transparent proxy): - - Support the ipfw firewall interface for transparent proxy support - on FreeBSD. To enable it, set "TransProxyType ipfw" in your torrc. - Resolves ticket 10267; patch from "yurivict". - - Support OpenBSD's divert-to rules with the pf firewall, when - "TransProxyType pf-divert" is specified. This allows Tor to run a - TransPort transparent proxy port on OpenBSD 4.4 or later without - root privileges. See the pf.conf(5) manual page for information on - configuring pf to use divert-to rules. Closes ticket 10896; patch - from Dana Koch. - - o Minor features (security): - - New --enable-expensive-hardening option to turn on security - hardening options that consume nontrivial amounts of CPU and - memory. Right now, this includes AddressSanitizer and UbSan. - Closes ticket 11477. - - If you don't specify MaxMemInQueues yourself, Tor now tries to - pick a good value based on your total system memory. Previously, - the default was always 8 GB. You can still override the default by - setting MaxMemInQueues yourself. Resolves ticket 11396. - - o Minor features (usability): - - Demote the message that we give when a flushing connection times - out for too long from NOTICE to INFO. It was usually meaningless. - Resolves ticket 5286. - - Don't log so many notice-level bootstrapping messages at startup - about downloading descriptors. Previously, we'd log a notice - whenever we learned about more routers. Now, we only log a notice - at every 5% of progress. Fixes bug 9963. - - o Minor features (performance, compatibility): - - Update the list of TLS cipehrsuites that a client advertises to - match those advertised by Firefox 28. 
This enables selection of - (fast) GCM ciphersuites, disables some strange old ciphers, and - disables the ECDH (not to be confused with ECDHE) ciphersuites. - Resolves ticket 11438. - o Minor bugfixes (IPv6): - When using DNSPort and AutomapHostsOnResolve, respond to AAAA requests with AAAA automapped answers. Fixes bug 10468; bugfix on 0.2.4.7-alpha. - o Minor features (relay): - - If a circuit timed out for at least 3 minutes check if we have a - new external IP address the next time we run our routine checks. - If our IP address has changed, then publish a new descriptor with - the new IP address. Resolves ticket 2454. - - Warn less verbosely when receiving a misformed - ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279. - - When we run out of usable circuit IDs on a channel, log only one - warning for the whole channel, and include a description of how - many circuits there were on the channel. Fix for part of ticket - #11553. - - o Minor features (controller): - - Make the entire exit policy available from the control port via - GETINFO exit-policy/*. Implements enhancement #7952. Patch from - "rl1987". - - Because of the fix for ticket 11396, the real limit for memory - usage may no longer match the configured MaxMemInQueues value. The - real limit is now exposed via GETINFO limits/max-mem-in-queues. - - o Minor features (misc): - - Always check return values for unlink, munmap, UnmapViewOfFile; - check strftime return values more often. In some cases all we can - do is report a warning, but this may help prevent deeper bugs from - going unnoticed. Closes ticket 8787. - - o Minor features (bridge client): - - Report a failure to connect to a bridge because its transport type - has no configured pluggable transport as a new type of bootstrap - failure. Resolves ticket 9665. Patch from Fábio J. Bertinatto. 
- - o Minor features (diagnostic): - - Try harder to diagnose a possible cause of bug 7164, which causes - intermittent "microdesc_free() called but md was still referenced" - warnings. We now log more information about the likely error case, - to try to figure out why we might be cleaning a microdescriptor as - old if it's still referenced by a live node. - o Documentation: - Build the torify.1 manpage again. Previously, we were only trying to build it when also building tor-fw-helper. That's why we didn't @@ -268,6 +263,12 @@ Changes in version 0.2.5.4-alpha - 2014-04-?? - Change our use of the ENUM_BF macro to avoid declarations that confuse Doxygen. + o Deprecated versions: + - Tor 0.2.2.x has reached end-of-life; it has received no patches or + attention for some while. Directory authorities no longer accept + descriptors from Tor relays running any version of Tor prior to + Tor 0.2.3.16-alpha. Resolves ticket 11149. + o Testing: - New macros in test.h to simplify writting mock-functions for unit tests. Part of ticket 11507. Patch from Dana Koch.
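Review bot: the "Deprecated versions" block now lands between the Doxygen/documentation entries and "Testing", which buries a user-visible behaviour change (authorities no longer accepting descriptors from relays older than 0.2.3.16-alpha) under code-quality items; if it has to move down from the top, place it above the Documentation section so relay operators skimming the feature and bugfix sections still reach it. The unchanged Testing context line that closes this hunk has the typo "writting" ("mock-functions for unit tests"); fix it to "writing" while the neighbouring lines are being edited.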