mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
Merge more changes files (verbatim) into the changelog
This commit is contained in:
parent
4367cbd71b
commit
ab83a27450
87
ChangeLog
87
ChangeLog
@ -1,5 +1,11 @@
|
||||
Changes in version 0.2.5.4-alpha - 2014-04-??
|
||||
|
||||
o Major features (security):
|
||||
- Block authority signing keys that were used on an authorities
|
||||
vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160).
|
||||
(We don't have any evidence that these keys _were_ compromised;
|
||||
we're doing this to be prudent.) Resolves ticket 11464.
|
||||
|
||||
o Deprecated versions:
|
||||
- Tor 0.2.2.x has reached end-of-life; it has received no patches or
|
||||
attention for some while. Directory authorities no longer accept
|
||||
@ -12,6 +18,32 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
|
||||
the circuits. These functions previously accounted between 3 and
|
||||
7% of CPU usage on some busy relays.
|
||||
|
||||
o Major features (seccomp2 sandbox):
|
||||
- Refinements and improvements to the Linux seccomp2 sandbox code:
|
||||
the sandbox can now run a test network for multiple hours without
|
||||
crashing. (Previous crash reasons included: reseeding the OpenSSL PRNG,
|
||||
seeding the Libevent PRNG, using the wrong combination of CLOEXEC and
|
||||
NONBLOCK at the same place and time, having server keys, being an
|
||||
authority, receiving a HUP, or using IPv6.) The sandbox is still
|
||||
experimental, and more bugs will probably turn up. To try it,
|
||||
enable "Sandbox 1" on a Linux host.
|
||||
- Strengthen the Linux seccomp2 sandbox code: the sandbox can now
|
||||
test the arguments for rename(), and blocks _sysctl() entirely.
|
||||
- When the Linux syscall sandbox finds an illegal system call, it
|
||||
now tries to log a stack trace before exiting. Resolves ticket
|
||||
11465.
|
||||
|
||||
o Major bugfixes (TLS cipher selection):
|
||||
- Generate the server's preference list for ciphersuites
|
||||
automatically based on uniform criteria, and considering all
|
||||
OpenSSL ciphersuites with acceptable strength and forward
|
||||
secrecy. (The sort order is: prefer AES to 3DES; break ties by
|
||||
preferring ECDHE to DHE; break ties by preferring GCM to CBC;
|
||||
break ties by preferring SHA384 to SHA256 to SHA1; and finally,
|
||||
break ties by preferring AES256 to AES128.) This resolves bugs
|
||||
#11513, #11492, #11498, #11499. Bugs reported by 'cypherpunks'.
|
||||
Bugfix on 0.2.4.8-alpha.
|
||||
|
||||
o Major bugfixes (undefined behavior):
|
||||
- Fix two instances of possible undefined behavior in channeltls.c
|
||||
that could, under unlucky circumstances, have led to a pointer
|
||||
@ -31,6 +63,26 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
|
||||
- Log only one message when we start logging in an unsafe
|
||||
way. Previously, we would log as many messages as we had
|
||||
problems. Fix for #9870; bugfix on 0.2.5.1-alpha.
|
||||
- Using the Linux syscall sandbox no longer prevents stack-trace
|
||||
logging on crashes or errors. Fixes part 11465; bugfix on
|
||||
0.2.5.1-alpha.
|
||||
- Only report the first fatal boostrap error on a given OR
|
||||
connection. This prevents controllers from declaring that a
|
||||
connection has failed because of "DONE" or other junk reasons.
|
||||
Fixes bug 10431; bugfix on 0.2.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (closing channels):
|
||||
- If write_to_buf() in connection_write_to_buf_impl_() ever fails,
|
||||
check if it's an or_connection_t and correctly call
|
||||
connection_or_close_for_error() rather than connection_mark_for_close()
|
||||
directly. Fixes bug #11304; bugfix on 0.2.4.4-alpha.
|
||||
- When closing all connections on setting DisableNetwork to 1, use
|
||||
connection_or_close_normally() rather than closing orconns out from
|
||||
under the channel layer. Fixes bug #11306; bugfix on 0.2.4.4-alpha.
|
||||
|
||||
o Minor bugfixes (controller):
|
||||
- Avoid sending an garbage value to the controller when a circuit is
|
||||
cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
|
||||
|
||||
o Minor bugfixes (tor-fw-helper):
|
||||
- Allow tor-fw-helper to build again by adding src/ext to its
|
||||
@ -80,7 +132,34 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
|
||||
- Stop leaking memory when we successfully resolve a PTR record.
|
||||
Fixes bug 11437; bugfix on 0.2.4.7-alpha.
|
||||
|
||||
o Minor bugfixes (windows):
|
||||
o Minor features (Transparent proxy):
|
||||
- Support the ipfw firewall interface for transparent proxy support on
|
||||
FreeBSD. To enable it, set "TransProxyType ipfw" in your torrc.
|
||||
Resolves ticket 10267; patch from "yurivict".
|
||||
- Support OpenBSD's divert-to rules with the pf firewall, when
|
||||
"TransProxyType pf-divert" is specified. This allows Tor to run a
|
||||
TransPort transparent proxy port on OpenBSD 4.4 or later without
|
||||
root privileges. See the pf.conf(5) manual page for information on
|
||||
configuring pf to use divert-to rules. Closes ticket 10896; patch
|
||||
from Dana Koch.
|
||||
|
||||
o Minor features (security):
|
||||
- New --enable-expensive-hardening option to turn on security hardening
|
||||
options that consume nontrivial amounts of CPU and memory. Right now,
|
||||
this includes AddressSanitizer and UbSan. Closes ticket 11477.
|
||||
|
||||
o Minor features (usability):
|
||||
- Demote the message that we give when a flushing connection times
|
||||
out for too long from NOTICE to INFO. It was usually meaningless.
|
||||
Resolves ticket 5286.
|
||||
|
||||
o Minor features (performance, compatibility):
|
||||
- Update the list of TLS cipehrsuites that a client advertises
|
||||
to match those advertised by Firefox 28. This enables selection of
|
||||
(fast) GCM ciphersuites, disables some strange old ciphers, and
|
||||
disables the ECDH (not to be confused with ECDHE) ciphersuites.
|
||||
Resolves ticket 11438.
|
||||
|
||||
|
||||
o Minor bugfixes (IPv6):
|
||||
- When using DNSPort and AutomapHostsOnResolve, respond to AAAA
|
||||
@ -137,6 +216,12 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
|
||||
- Change our use of the ENUM_BF macro to avoid declarations that
|
||||
confuse Doxygen.
|
||||
|
||||
o Testing:
|
||||
- New macros in test.h to simplify writting mock-functions for unit
|
||||
tests. Part of ticket 11507. Patch from Dana Koch.
|
||||
- Complete tests for the status.c module. Resolves ticket 11507.
|
||||
Patch from Dana Koch.
|
||||
|
||||
o Removed code:
|
||||
- Remove all code for the long unused v1 directory protocol. Resolves
|
||||
ticket 11070.
|
||||
|
@ -1,4 +0,0 @@
|
||||
o Minor features:
|
||||
- Support the ipfw firewall interface for transparent proxy support on
|
||||
FreeBSD. To enable it, set "TransProxyType ipfw" in your torrc.
|
||||
Resolves ticket 10267; patch from "yurivict".
|
@ -1,8 +0,0 @@
|
||||
o Minor features:
|
||||
- Support OpenBSD's divert-to rules with the pf firewall, when
|
||||
"TransProxyType pf-divert" is specified. This allows Tor to run a
|
||||
TransPort transparent proxy port on OpenBSD 4.4 or later without
|
||||
root privileges. See the pf.conf(5) manual page for information on
|
||||
configuring pf to use divert-to rules. Closes ticket 10896; patch
|
||||
from Dana Koch.
|
||||
|
@ -1,7 +0,0 @@
|
||||
o Testing support:
|
||||
- New macros in test.h to simplify writting mock-functions for unit
|
||||
tests. Part of ticket 11507. Patch from Dana Koch.
|
||||
|
||||
o Testing:
|
||||
- Complete tests for the status.c module. Resolves ticket 11507.
|
||||
Patch from Dana Koch.
|
@ -1,5 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Only report the first fatal boostrap error on a given OR
|
||||
connection. This prevents controllers from declaring that a
|
||||
connection has failed because of "DONE" or other junk reasons.
|
||||
Fixes bug 10431; bugfix on 0.2.1.1-alpha.
|
@ -1,5 +0,0 @@
|
||||
o Bugfixes:
|
||||
- If write_to_buf() in connection_write_to_buf_impl_() ever fails,
|
||||
check if it's an or_connection_t and correctly call
|
||||
connection_or_close_for_error() rather than connection_mark_for_close()
|
||||
directly. Fixes bug #11304; bugfix on 0.2.4.4-alpha.
|
@ -1,4 +0,0 @@
|
||||
o Bugfixes:
|
||||
- When closing all connections on setting DisableNetwork to 1, use
|
||||
connection_or_close_normally() rather than closing orconns out from
|
||||
under the channel layer. Fixes bug #11306; bugfix on 0.2.4.4-alpha.
|
@ -1,5 +0,0 @@
|
||||
o Major features (security):
|
||||
- Block authority signing keys that were used on an authorities
|
||||
vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160).
|
||||
(We don't have any evidence that these keys _were_ compromised;
|
||||
we're doing this to be prudent.) Resolves ticket 11464.
|
@ -1,9 +0,0 @@
|
||||
o Minor features:
|
||||
- When the Linux syscall sandbox finds an illegal system call, it
|
||||
now tries to log a stack trace before exiting. Resolves ticket
|
||||
11465.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Using the Linux syscall sandbox no longer prevents stack-trace
|
||||
logging on crashes or errors. Fixes part 11465; bugfix on
|
||||
0.2.5.1-alpha.
|
@ -1,4 +0,0 @@
|
||||
o Minor features:
|
||||
- New --enable-expensive-hardening option to turn on security hardening
|
||||
options that consume nontrivial amounts of CPU and memory. Right now,
|
||||
this includes AddressSanitizer and UbSan. Closes ticket 11477.
|
@ -1,12 +0,0 @@
|
||||
o Major bugfixes:
|
||||
- Generate the server's preference list for ciphersuites
|
||||
automatically based on uniform criteria, and considering all
|
||||
OpenSSL ciphersuites with acceptable strength and forward
|
||||
secrecy. (The sort order is: prefer AES to 3DES; break ties by
|
||||
preferring ECDHE to DHE; break ties by preferring GCM to CBC;
|
||||
break ties by preferring SHA384 to SHA256 to SHA1; and finally,
|
||||
break ties by preferring AES256 to AES128.) This resolves bugs
|
||||
#11513, #11492, #11498, #11499. Bugs reported by 'cypherpunks'.
|
||||
Bugfix on 0.2.4.8-alpha.
|
||||
|
||||
|
@ -1,3 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Avoid sending an garbage value to the controller when a circuit is
|
||||
cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
|
@ -1,4 +0,0 @@
|
||||
o Minor features:
|
||||
- Demote the message that we give when a flushing connection times
|
||||
out for too long from NOTICE to INFO. It was usually meaningless.
|
||||
Resolves ticket 5286.
|
@ -1,6 +0,0 @@
|
||||
o Minor features (performance, compatibility):
|
||||
- Update the list of TLS cipehrsuites that a client advertises
|
||||
to match those advertised by Firefox 28. This enables selection of
|
||||
(fast) GCM ciphersuites, disables some strange old ciphers, and
|
||||
disables the ECDH (not to be confused with ECDHE) ciphersuites.
|
||||
Resolves ticket 11438.
|
@ -1,13 +0,0 @@
|
||||
o Major features:
|
||||
- Refinements and improvements to the Linux seccomp2 sandbox code:
|
||||
the sandbox can now run a test network for multiple hours without
|
||||
crashing. (Previous crash reasons included: reseeding the OpenSSL PRNG,
|
||||
seeding the Libevent PRNG, using the wrong combination of CLOEXEC and
|
||||
NONBLOCK at the same place and time, having server keys, being an
|
||||
authority, receiving a HUP, or using IPv6.) The sandbox is still
|
||||
experimental, and more bugs will probably turn up. To try it,
|
||||
enable "Sandbox 1" on a Linux host.
|
||||
|
||||
- Strengthen the Linux seccomp2 sandbox code: the sandbox can now
|
||||
test the arguments for rename(), and blocks _sysctl() entirely.
|
||||
|
Loading…
Reference in New Issue
Block a user