nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-23 20:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Reformat the changelog for 0.2.5.4-alpha. No textual changes.

Browse Source 
Also, add a script to do this, since doing it manually with fmt sucks.
This commit is contained in:
Nick Mathewson 2014-04-24 13:44:24 -04:00
parent 2bea2facdc
commit 9f691ecb5b
2 changed files with 249 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

216
ChangeLog
View File

@ -1,16 +1,18 @@
Changes in version 0.2.5.4-alpha - 2014-04-??
This release includes several security and performance improvements
for clients and relays, including XXX
o Major features (security):
- Block authority signing keys that were used on an authorities
vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160).
(We don't have any evidence that these keys _were_ compromised;
we're doing this to be prudent.) Resolves ticket 11464.
vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160). (We
don't have any evidence that these keys _were_ compromised; we're
doing this to be prudent.) Resolves ticket 11464.
o Deprecated versions:
- Tor 0.2.2.x has reached end-of-life; it has received no patches or
attention for some while. Directory authorities no longer accept
descriptors from Tor relays running any version of Tor prior to Tor
0.2.3.16-alpha. Resolves ticket 11149.
descriptors from Tor relays running any version of Tor prior to
Tor 0.2.3.16-alpha. Resolves ticket 11149.
o Major features (relay performance):
- Faster server-side lookups of rendezvous and introduction point
@ -20,20 +22,19 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
- Avoid wasting cycles looking for usable circuit IDs. Previously,
when allocating a new circuit ID, we would in the worst case do a
linear scan over the entire possible range of circuit IDs before
deciding that we had exhausted our possibilities. Now, we
try 64 circuit IDs at random before deciding that we probably
won't succeed. Fix for a possible root cause of ticket
#11553.
deciding that we had exhausted our possibilities. Now, we try 64
circuit IDs at random before deciding that we probably won't
succeed. Fix for a possible root cause of ticket #11553.
o Major features (seccomp2 sandbox):
- Refinements and improvements to the Linux seccomp2 sandbox code:
the sandbox can now run a test network for multiple hours without
crashing. (Previous crash reasons included: reseeding the OpenSSL PRNG,
seeding the Libevent PRNG, using the wrong combination of CLOEXEC and
NONBLOCK at the same place and time, having server keys, being an
authority, receiving a HUP, or using IPv6.) The sandbox is still
experimental, and more bugs will probably turn up. To try it,
enable "Sandbox 1" on a Linux host.
crashing. (Previous crash reasons included: reseeding the OpenSSL
PRNG, seeding the Libevent PRNG, using the wrong combination of
CLOEXEC and NONBLOCK at the same place and time, having server
keys, being an authority, receiving a HUP, or using IPv6.) The
sandbox is still experimental, and more bugs will probably turn
up. To try it, enable "Sandbox 1" on a Linux host.
- Strengthen the Linux seccomp2 sandbox code: the sandbox can now
test the arguments for rename(), and blocks _sysctl() entirely.
- When the Linux syscall sandbox finds an illegal system call, it
@ -43,13 +44,13 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
o Major bugfixes (TLS cipher selection):
- Generate the server's preference list for ciphersuites
automatically based on uniform criteria, and considering all
OpenSSL ciphersuites with acceptable strength and forward
secrecy. (The sort order is: prefer AES to 3DES; break ties by
preferring ECDHE to DHE; break ties by preferring GCM to CBC;
break ties by preferring SHA384 to SHA256 to SHA1; and finally,
break ties by preferring AES256 to AES128.) This resolves bugs
#11513, #11492, #11498, #11499. Bugs reported by 'cypherpunks'.
Bugfix on 0.2.4.8-alpha.
OpenSSL ciphersuites with acceptable strength and forward secrecy.
(The sort order is: prefer AES to 3DES; break ties by preferring
ECDHE to DHE; break ties by preferring GCM to CBC; break ties by
preferring SHA384 to SHA256 to SHA1; and finally, break ties by
preferring AES256 to AES128.) This resolves bugs #11513, #11492,
#11498, #11499. Bugs reported by 'cypherpunks'. Bugfix on
0.2.4.8-alpha.
- Servers now trust themselves to have a better view than clients of
which TLS ciphersuites to choose. (Thanks to #11513, the server
list is now well-considered, whereas the client list has been
@ -67,26 +68,26 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
- Fix another possibly undefined pointer operations in the eventdns
fallback implementation. Another case of bug #10363; bugfix on
0.1.2.1-alpha.
- Use AddressSanitizer and Ubsan sanitizers (in clang-3.4) to fix some
miscellaneous errors in our tests and codebase. Fix for bug 11232.
Bugfixes on versions back as far as 0.2.1.11-alpha.
- Use AddressSanitizer and Ubsan sanitizers (in clang-3.4) to fix
some miscellaneous errors in our tests and codebase. Fix for bug
11232. Bugfixes on versions back as far as 0.2.1.11-alpha.
o Minor bugfixes (logging):
- Log only one message when we start logging in an unsafe
way. Previously, we would log as many messages as we had
problems. Fix for #9870; bugfix on 0.2.5.1-alpha.
- Log only one message when we start logging in an unsafe way.
Previously, we would log as many messages as we had problems. Fix
for #9870; bugfix on 0.2.5.1-alpha.
- Using the Linux syscall sandbox no longer prevents stack-trace
logging on crashes or errors. Fixes part 11465; bugfix on
0.2.5.1-alpha.
- Only report the first fatal boostrap error on a given OR
connection. This prevents controllers from declaring that a
connection. This prevents controllers from declaring that a
connection has failed because of "DONE" or other junk reasons.
Fixes bug 10431; bugfix on 0.2.1.1-alpha.
- Improve the warning message when trying to enable the Linux
sandbox code on a Tor built without libseccomp. Instead of
saying "Sandbox is not implemented on this platform", we now
explain that we to need be built with libseccomp. Fixes bug
11543; bugfix on 0.2.5.1-alpha.
sandbox code on a Tor built without libseccomp. Instead of saying
"Sandbox is not implemented on this platform", we now explain that
we to need be built with libseccomp. Fixes bug 11543; bugfix on
0.2.5.1-alpha.
- Avoid generating spurious warnings and failure messages when
starting with DisableNetwork enabled. Fixes bug 11200 and bug
10405; bugfix on 0.2.3.9-alpha.
@ -94,11 +95,13 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
o Minor bugfixes (closing channels):
- If write_to_buf() in connection_write_to_buf_impl_() ever fails,
check if it's an or_connection_t and correctly call
connection_or_close_for_error() rather than connection_mark_for_close()
directly. Fixes bug #11304; bugfix on 0.2.4.4-alpha.
connection_or_close_for_error() rather than
connection_mark_for_close() directly. Fixes bug #11304; bugfix on
0.2.4.4-alpha.
- When closing all connections on setting DisableNetwork to 1, use
connection_or_close_normally() rather than closing orconns out from
under the channel layer. Fixes bug #11306; bugfix on 0.2.4.4-alpha.
connection_or_close_normally() rather than closing orconns out
from under the channel layer. Fixes bug #11306; bugfix on
0.2.4.4-alpha.
o Minor bugfixes (controller):
- Avoid sending an garbage value to the controller when a circuit is
@ -109,9 +112,9 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
CPPFLAGS. Fixes bug 11296; bugfix on 0.2.5.3-alpha.
o Minor bugfixes (bridges):
- Avoid potential crashes or bad behavior when launching a
server-side managed proxy with ORPort or ExtORPort temporarily
disabled. Fixes bug 9650; bugfix on 0.2.3.16-alpha.
- Avoid potential crashes or bad behavior when launching a server-
side managed proxy with ORPort or ExtORPort temporarily disabled.
Fixes bug 9650; bugfix on 0.2.3.16-alpha.
o Minor bugfixes (misc):
- Don't re-initialize a second set of openssl mutexes when starting
@ -122,53 +125,53 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
object. Fixes bug 11275; bugfix on 0.2.4.13-alpha.
o Minor bugfixes (platform-specific):
- Fix compilation on Solaris, which does not have <endian.h>.
Fixes bug 11426; bugfix on 0.2.5.3-alpha.
- When dumping a malformed directory object to disk, save it in binary
mode on windows, not text mode. Fixes bug 11342; bugfix on
- Fix compilation on Solaris, which does not have <endian.h>. Fixes
bug 11426; bugfix on 0.2.5.3-alpha.
- When dumping a malformed directory object to disk, save it in
binary mode on windows, not text mode. Fixes bug 11342; bugfix on
0.2.2.1-alpha.
- When reporting a failure from make_socket_reuseable(), don't
report a warning when we get a failure from an incoming socket
on OSX. Fix for bug 10081.
report a warning when we get a failure from an incoming socket on
OSX. Fix for bug 10081.
o Minor bugfixes (trivial memory leaks):
- Free placeholder entries in our circuit table at exit; fixes
a harmless memory leak. Fixes bug 11278; bugfix on 0.2.5.1-alpha.
- Resolve some memory leaks found by coverity in the unit tests,
on exit in tor-gencert, and on a failure to compute digests
for our own keys when generating a v3 networkstatus vote.
These leaks should never have affected anyone in practice.
- Free placeholder entries in our circuit table at exit; fixes a
harmless memory leak. Fixes bug 11278; bugfix on 0.2.5.1-alpha.
- Resolve some memory leaks found by coverity in the unit tests, on
exit in tor-gencert, and on a failure to compute digests for our
own keys when generating a v3 networkstatus vote. These leaks
should never have affected anyone in practice.
o Minor bugfixes (hidden service):
- Only retry attempts to connect to a chosen rendezvous point 8 times,
not 30. Fixes bug #4241; bugfix on 0.1.0.1-rc.
- Only retry attempts to connect to a chosen rendezvous point 8
times, not 30. Fixes bug #4241; bugfix on 0.1.0.1-rc.
o Minor bugfixes (bridge client):
- Stop accepting bridge lines containing hostnames. Doing so allowed
clients to perform DNS requests on the hostnames, which was not
sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha.
- Fix a bug where a client-side Tor with pluggable transports
would take 60 seconds to bootstrap if a config re-read was
triggered at just the right timing during bootstrap. Refixes bug
11156; bugfix on 0.2.5.3-alpha.
- Avoid 60-second delays in the bootstrapping process when Tor
is launching for a second time while using bridges. Fixes bug 9229;
- Fix a bug where a client-side Tor with pluggable transports would
take 60 seconds to bootstrap if a config re-read was triggered at
just the right timing during bootstrap. Refixes bug 11156; bugfix
on 0.2.5.3-alpha.
- Avoid 60-second delays in the bootstrapping process when Tor is
launching for a second time while using bridges. Fixes bug 9229;
bugfix on 0.2.0.3-alpha.
o Minor bugfixes (DNS):
- When receing a DNS query for an unsupported type, reply with
no answer rather than with a NOTIMPL error. This behavior isn't
- When receing a DNS query for an unsupported type, reply with no
answer rather than with a NOTIMPL error. This behavior isn't
correct either, but it will break fewer client programs, we hope.
Fixes bug 10268; bugfix on 0.2.0.1-alpha. Original patch
from "epoch".
Fixes bug 10268; bugfix on 0.2.0.1-alpha. Original patch from
"epoch".
o Minor bugfixes (exit):
- Stop leaking memory when we successfully resolve a PTR record.
Fixes bug 11437; bugfix on 0.2.4.7-alpha.
o Minor features (Transparent proxy):
- Support the ipfw firewall interface for transparent proxy support on
FreeBSD. To enable it, set "TransProxyType ipfw" in your torrc.
- Support the ipfw firewall interface for transparent proxy support
on FreeBSD. To enable it, set "TransProxyType ipfw" in your torrc.
Resolves ticket 10267; patch from "yurivict".
- Support OpenBSD's divert-to rules with the pf firewall, when
"TransProxyType pf-divert" is specified. This allows Tor to run a
@ -178,93 +181,90 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
from Dana Koch.
o Minor features (security):
- New --enable-expensive-hardening option to turn on security hardening
options that consume nontrivial amounts of CPU and memory. Right now,
this includes AddressSanitizer and UbSan. Closes ticket 11477.
- New --enable-expensive-hardening option to turn on security
hardening options that consume nontrivial amounts of CPU and
memory. Right now, this includes AddressSanitizer and UbSan.
Closes ticket 11477.
- If you don't specify MaxMemInQueues yourself, Tor now tries to
pick a good value based on your total system memory. Previously,
the default was always 8 GB. You can still override the default by
setting MaxMemInQueues yourself. Resolves ticket 11396.
o Minor features (usability):
- Demote the message that we give when a flushing connection times
out for too long from NOTICE to INFO. It was usually meaningless.
Resolves ticket 5286.
- Don't log so many notice-level bootstrapping messages at startup about
downloading descriptors. Previously, we'd log a notice whenever we
learned about more routers. Now, we only log a notice at every 5% of
progress. Fixes bug 9963.
- Don't log so many notice-level bootstrapping messages at startup
about downloading descriptors. Previously, we'd log a notice
whenever we learned about more routers. Now, we only log a notice
at every 5% of progress. Fixes bug 9963.
o Minor features (performance, compatibility):
- Update the list of TLS cipehrsuites that a client advertises
to match those advertised by Firefox 28. This enables selection of
- Update the list of TLS cipehrsuites that a client advertises to
match those advertised by Firefox 28. This enables selection of
(fast) GCM ciphersuites, disables some strange old ciphers, and
disables the ECDH (not to be confused with ECDHE) ciphersuites.
Resolves ticket 11438.
o Minor bugfixes (IPv6):
- When using DNSPort and AutomapHostsOnResolve, respond to AAAA
requests with AAAA automapped answers. Fixes bug 10468; bugfix
on 0.2.4.7-alpha.
requests with AAAA automapped answers. Fixes bug 10468; bugfix on
0.2.4.7-alpha.
o Minor features (relay):
- If a circuit timed out for at least 3 minutes check if we have a new
external IP address the next time we run our routine checks. If our
IP address has changed, then publish a new descriptor with the new
IP address. Resolves ticket 2454.
- Warn less verbosely when receiving a misformed ESTABLISH_RENDEZVOUS
cell. Fixes ticket 11279.
- If a circuit timed out for at least 3 minutes check if we have a
new external IP address the next time we run our routine checks.
If our IP address has changed, then publish a new descriptor with
the new IP address. Resolves ticket 2454.
- Warn less verbosely when receiving a misformed
ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279.
- When we run out of usable circuit IDs on a channel, log only one
warning for the whole channel, and include a description of
how many circuits there were on the channel. Fix for part of ticket
warning for the whole channel, and include a description of how
many circuits there were on the channel. Fix for part of ticket
#11553.
o Minor features (controller):
- Make the entire exit policy available from the control port via
GETINFO exit-policy/*. Implements enhancement #7952. Patch from
"rl1987".
- Because of the fix for ticket 11396, the real limit for memory
usage may no longer match the configured MaxMemInQueues value.
The real limit is now exposed via GETINFO limits/max-mem-in-queues.
usage may no longer match the configured MaxMemInQueues value. The
real limit is now exposed via GETINFO limits/max-mem-in-queues.
o Minor features (misc):
- Always check return values for unlink, munmap, UnmapViewOfFile;
check strftime return values more often. In some cases all we
can do is report a warning, but this may help prevent deeper
bugs from going unnoticed. Closes ticket 8787.
check strftime return values more often. In some cases all we can
do is report a warning, but this may help prevent deeper bugs from
going unnoticed. Closes ticket 8787.
o Minor features (bridge client):
- Report a failure to connect to a bridge because its transport
type has no configured pluggable transport as a new type of bootstrap
- Report a failure to connect to a bridge because its transport type
has no configured pluggable transport as a new type of bootstrap
failure. Resolves ticket 9665. Patch from Fábio J. Bertinatto.
o Minor features (diagnostic):
- Try harder to diagnose a possible cause of bug 7164, which causes
intermittent "microdesc_free() called but md was still referenced"
warnings. We now log more information about the likely error case,
to try to figure out why we might be cleaning a microdescriptor
as old if it's still referenced by a live node.
to try to figure out why we might be cleaning a microdescriptor as
old if it's still referenced by a live node.
o Documentation:
- Build the torify.1 manpage again. Previously, we were only
trying to build it when also building tor-fw-helper. That's why
we didn't notice that we'd broken the ability to build it.
Fixes bug 11321; bugfix on 0.2.5.1-alpha.
- Build the torify.1 manpage again. Previously, we were only trying
to build it when also building tor-fw-helper. That's why we didn't
notice that we'd broken the ability to build it. Fixes bug 11321;
bugfix on 0.2.5.1-alpha.
- Fix the layout of the SOCKSPort flags in the manpage. Fixes bug
11061; bugfix on 0.2.4.7-alpha.
- Correctly document that we search for a system torrc file before
looking in ~/.torrc. Fixes documentation side of 9213; bugfix
on 0.2.3.18-rc.
looking in ~/.torrc. Fixes documentation side of 9213; bugfix on
0.2.3.18-rc.
- Resolve warnings from Doxygen.
o Code simplifications and refactoring:
- Removing is_internal_IP() function. Resolves ticket 4645.
- Remove unused function circuit_dump_by_chan from circuitlist.c. Closes
issue #9107; patch from "marek".
- Remove unused function circuit_dump_by_chan from circuitlist.c.
Closes issue #9107; patch from "marek".
- Change our use of the ENUM_BF macro to avoid declarations that
confuse Doxygen.
@ -275,8 +275,8 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
Patch from Dana Koch.
o Removed code:
- Remove all code for the long unused v1 directory protocol. Resolves
ticket 11070.
- Remove all code for the long unused v1 directory protocol.
Resolves ticket 11070.

141
contrib/format_changelog.py Executable file
View File

@ -0,0 +1,141 @@
#!/usr/bin/python
# Copyright (c) 2014, The Tor Project, Inc.
# See LICENSE for licensing information
#
# This script reformats a section of the changelog to wrap everything to
# the right width and put blank lines in the right places. Eventually,
# it might include a linter.
#
# To run it, pipe a section of the changelog (starting with "Changes
# in Tor 0.x.y.z-alpha" through the script.)
import re
import sys
import textwrap
TP_MAINHEAD = 0
TP_HEADTEXT = 1
TP_BLANK = 2
TP_SECHEAD = 3
TP_ITEMFIRST = 4
TP_ITEMBODY = 5
def head_parser(line):
if re.match(r'^[A-Z]', line):
return TP_MAINHEAD
elif re.match(r'^ o ', line):
return TP_SECHEAD
elif re.match(r'^\s*$', line):
return TP_BLANK
else:
return TP_HEADTEXT
def body_parser(line):
if re.match(r'^ o ', line):
return TP_SECHEAD
elif re.match(r'^ -',line):
return TP_ITEMFIRST
elif re.match(r'^ \S', line):
return TP_ITEMBODY
elif re.match(r'^\s*$', line):
return TP_BLANK
else:
print "Weird line %r"%line
class ChangeLog(object):
def __init__(self):
self.mainhead = None
self.headtext = []
self.curgraf = None
self.sections = []
self.cursection = None
self.lineno = 0
def addLine(self, tp, line):
self.lineno += 1
if tp == TP_MAINHEAD:
assert not self.mainhead
self.mainhead = line
elif tp == TP_HEADTEXT:
if self.curgraf is None:
self.curgraf = []
self.headtext.append(self.curgraf)
self.curgraf.append(line)
elif tp == TP_BLANK:
self.curgraf = None
elif tp == TP_SECHEAD:
self.cursection = [ self.lineno, line, [] ]
self.sections.append(self.cursection)
elif tp == TP_ITEMFIRST:
item = ( self.lineno, [ [line] ])
self.curgraf = item[1][0]
self.cursection[2].append(item)
elif tp == TP_ITEMBODY:
if self.curgraf is None:
self.curgraf = []
self.cursection[2][1][-1].append(self.curgraf)
self.curgraf.append(line)
else:
assert "This" is "unreachable"
def lint_head(self, line, head):
m = re.match(r'^ *o ([^\(]+)((?:\([^\)]+\))?):', head)
if not m:
print >>sys.stderr, "Weird header format on line %s"%line
def lint_item(self, line, grafs, head_type):
pass
def lint(self):
self.head_lines = {}
for sec_line, sec_head, items in self.sections:
head_type = self.lint_head(sec_line, sec_head)
for item_line, grafs in items:
self.lint_item(item_line, grafs, head_type)
def dumpGraf(self,par,indent1,indent2=-1):
if indent2 == -1:
indent2 = indent1
text = " ".join(re.sub(r'\s+', ' ', line.strip()) for line in par)
print textwrap.fill(text, width=72,
initial_indent=" "*indent1,
subsequent_indent=" "*indent2)
def dump(self):
print self.mainhead
for par in self.headtext:
self.dumpGraf(par, 2)
print
for _,head,items in self.sections:
if not head.endswith(':'):
print >>sys.stderr, "adding : to %r"%head
head = head + ":"
print head
for _,grafs in items:
self.dumpGraf(grafs[0],4,6)
for par in grafs[1:]:
print
self.dumpGraf(par,6,6)
print
print
CL = ChangeLog()
parser = head_parser
for line in sys.stdin:
line = line.rstrip()
tp = parser(line)
CL.addLine(tp,line)
if tp == TP_SECHEAD:
parser = body_parser
CL.lint()
CL.dump()