Add a blurb, edit the changelog

This commit is contained in:
Nick Mathewson 2017-02-03 12:04:40 -05:00
parent 39606aece5
commit 7878668cab

View File

@ -1,5 +1,14 @@
Changes in version 0.3.0.3-alpha - 2017-02-03
BLURB BLURB BLURB.
Tor 0.3.0.3-alpha fixes a few significant bugs introduced over the
0.3.0.x development series, including some that could cause
authorities to behave badly. There is also a fix for a longstanding
bug that could prevent IPv6 exits from working. Tor 0.3.0.3-alpha also
includes some smaller features and bugfixes.
The Tor 0.3.0.x release series is now in patch-freeze: no additional
features will be considered for inclusion in 0.3.0.x. We suspect that
some bugs will probably remain, however, and we encourage people to
test this release.
o Major bugfixes (directory authority):
- During voting, when marking a node as a probable sybil, do not
@ -14,20 +23,20 @@ Changes in version 0.3.0.3-alpha - 2017-02-03
o Major bugfixes (entry guards):
- Stop trying to build circuits through entry guards for which we
have no descriptor yet. Also, stop crashing if we *do*
have no descriptor. Also, stop crashing in the case that we *do*
accidentally try to build a circuit in such a state. Fixes bug
21242; bugfix on 0.3.0.1-alpha.
o Major bugfixes (IPv6 Exits):
- Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
IPv6 addresses. Instead, only reject a port over IPv6 if the exit
policy rejects that port on more than an IPv6 /16 of addresses.
This bug was made worse by 17027 in 0.2.8.1-alpha, which rejects a
relay's own IPv6 address by default. Fixes bug 21357; bugfix on
commit 004f3f4e53 in 0.2.4.7-alpha.
any IPv6 addresses. Instead, only reject a port over IPv6 if the
exit policy rejects that port on more than an IPv6 /16 of
addresses. This bug was made worse by 17027 in 0.2.8.1-alpha,
which rejected a relay's own IPv6 address by default. Fixes bug
21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
o Minor feature (client):
- Enable IPv6 traffic by default on the SocksPort. To disable this,
- Enable IPv6 traffic on the SocksPort by default. To disable this,
a user will have to specify "NoIPv6Traffic". Closes ticket 21269.
o Minor feature (fallback scripts):
@ -36,10 +45,10 @@ Changes in version 0.3.0.3-alpha - 2017-02-03
20174. Patch by haxxpop.
o Minor features (ciphersuite selection):
- Clients now advertise a list of ciphersuites closer to the ones
preferred by Firefox. Closes part of ticket 15426.
- Allow servers to accept a wider range of ciphersuites, including
chacha20-poly1305 and AES-CCM. Closes the other part of 15426.
- Clients now advertise a list of ciphersuites closer to the ones
preferred by Firefox. Closes ticket 15426.
o Minor features (controller, configuration):
- Each of the *Port options, such as SocksPort, ORPort, ControlPort,
@ -53,23 +62,24 @@ Changes in version 0.3.0.3-alpha - 2017-02-03
in feature 20956. Implements ticket 21300.
o Minor features (portability, compilation):
- Autoconf now check to determine if OpenSSL structures are opaque,
- Autoconf now checks to determine if OpenSSL structures are opaque,
instead of explicitly checking for OpenSSL version numbers. Part
of ticket 21359.
- Support building with recent LibreSSL code that uses opaque
structures. Closes ticket 21359.
o Minor features (relay):
- Allow separation of exit and relay traffic to different source IP
addresses. Closes ticket 17975. Written by Michael Sonntag.
- We now allow separation of exit and relay traffic to different
source IP addresses, using the OutboundBindAddressExit and
OutboundBindAddressOR options respectively. Closes ticket 17975.
Written by Michael Sonntag.
o Minor bugfix (logging):
- Don't recommend the use of Tor2web in non anonymous mode. In that
mode, we disable client functionalities and recommending Tor2web
as a solution is a bad idea because in that case client loses all
anonymity. Tor2web should really only be used in very specific
cases and with users *knowing* what they do. Fixes bug 21294;
bugfix on 0.2.9.3-alpha.
- Don't recommend the use of Tor2web in non-anonymous mode.
Recommending Tor2web is a bad idea because the client loses all
anonymity. Tor2web shouldy only be used in specific cases by users
who *know* and understand the issues. Fixes bug 21294; bugfix
on 0.2.9.3-alpha.
o Minor bugfixes (client):
- Always recover from failures in extend_info_from_node(), in an
@ -90,38 +100,39 @@ Changes in version 0.3.0.3-alpha - 2017-02-03
o Minor bugfixes (configure, autoconf):
- Rename the configure option --enable-expensive-hardening to
--enable-fragile-hardening. TROVE-2017-001 was triggerable only
through the expensive hardening which is making the tor daemon
abort when the issue is detected. Thus, it makes tor more at risk
of remote crashes but safer against RCE or heartbleed bug
category. Fixes bug 21290; bugfix on 0.2.5.4-alpha.
--enable-fragile-hardening. Expensive hardening makes the tor
daemon abort when some kinds of issues are detected. Thus, it
makes tor more at risk of remote crashes but safer against RCE or
heartbleed bug category. We now try to explain this issue in a
message from the configure script. Fixes bug 21290; bugfix
on 0.2.5.4-alpha.
o Minor bugfixes (controller):
- Restore the (deprecated) DROPGUARDS controller command. Fixes bug
20824; bugfix on 0.3.0.1-alpha.
o Minor bugfixes (hidden service):
- Cleanup expiring intro point nodes if no circuit is associated to
it anymore. It was causing, rarely, the service to not open enough
introduction points circuit in the case we had dead expiring
nodes.; bugfix on 0.2.7.2-alpha.
- Stop modifying the value of our torrc option
HiddenServiceStatistics just because we're not a bridge or relay.
Use an internal value for what tor should use and keep the torrc
option intact. Fixes bug 21150; bugfix on 0.2.6.2-alpha.
- Clean up the code for expiring intro points with no associated
circuits. It was causing, rarely, a service with some expiring
nodes to not open enough introduction points. Fixes part of bug
21302; bugfix on 0.2.7.2-alpha.
- Stop setting the torrc option HiddenServiceStatistics to "0" just
because we're not a bridge or relay. Instead, we preserve whatever
value the user set (or didn't set). Fixes bug 21150; bugfix
on 0.2.6.2-alpha.
- Two possible underflow which would ultimately lead to creating a
lot of introduction points circuits and closing them in a non stop
loop. Fixes bug 21302; bugfix on 0.2.7.2-alpha.
o Minor bugfixes (portability):
- Use "OpenBSD" pre-defined compiler macro instead of "OPENBSD" or
"__OpenBSD__". It is supported by OpenBSD itself and also most
OpenBSD variants like Bitrig. Fixes bug 20980; bugfix
- Use "OpenBSD" compiler macro instead of "OPENBSD" or "__OpenBSD__".
It is supported by OpenBSD itself, and also by most OpenBSD
variants (such as Bitrig). Fixes bug 20980; bugfix
on 0.1.2.1-alpha.
- Do not silently truncate content of files if they are larger than
SIZE_MAX bytes. This issue could occur on 32 bit systems with
large file support and files which are larger than 4 GB. Fixes bug
21134; bugfix on 0.3.0.1-alpha.
- When mapping a file of length greater than SIZE_MAX, do not
silently its contents. This issue could occur on 32 bit systems
with large file support and files which are larger than 4 GB.
Fixes bug 21134; bugfix on 0.3.0.1-alpha.
o Minor bugfixes (tor-resolve):
- The tor-resolve command line tool now rejects hostnames over 255