nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-19 20:46:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

do a pass over the 0.3.1.1-alpha changelog

Browse Source
This commit is contained in:
Roger Dingledine 2017-05-19 20:49:44 -04:00
parent 09b3cb0d72
commit fd860a77ea
1 changed files with 49 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
ChangeLog
View File

@ -17,15 +17,17 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
now request these documents when available. When both client and
server use this new protocol, they will use far less bandwidth (up
to 94% less) to keep the client's consensus up-to-date. Implements
proposal 140; closes ticket 13339. Based on work by by
Daniel Martí.
proposal 140; closes ticket 13339. Based on work by Daniel Martí.
- Tor can now compress directory traffic with lzma or with zstd
compression algoritms, which can deliver better bandwidth
compression algorithms, which can deliver better bandwidth
performance. Because lzma is computationally expensive, it's only
used for documents that can be compressed once and served many
times. Support for these algorithms requires that tor is build
times. Support for these algorithms requires that tor is built
with the libzstd and/or liblzma libraries available. Implements
proposal 278; closes ticket 21662.
- Relays now perform the more expensive compression operations, and
consensus diff generation, in worker threads. This separation
avoids delaying the main thread when a new consensus arrives.
o Major features (experimental):
- Tor can now build modules written in Rust. To turn this on, pass
@ -33,12 +35,13 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
get excited yet: currently, there is no actual Rust functionality
beyond some simple glue code, and a notice at startup to tell you
that Rust is running. Still, we hope that programmers and
packagers will try building Tor with rust support, so that we can
find issues, and solve portability problems. Closes ticket 22106.
packagers will try building Tor with Rust support, so that we can
find issues and solve portability problems. Closes ticket 22106.
o Major features (traffic analysis resistance):
- Client-to-relays connections can now send a padding cells every
1.5 to 9.5 seconds (tunable via consensus parameters). This will
- Connections between clients and relays now send a padding cell in
each direction every 1.5 to 9.5 seconds (tunable via consensus
parameters). This padding will
not resist specialized eavesdroppers, but it should be enough to
make many ISPs' routine network flow logging less useful in
traffic analysis against Tor users.
@ -92,26 +95,22 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
2017. Resolves ticket 21564.
o Minor features (hidden services, logging):
- Add more information to the message logged when a hidden service
descriptor has fewer introduction points than specified in
HiddenServiceNumIntroductionPoints. Follow up to tickets 21598 and
21599, closes ticket 21622.
- Log a message when a hidden service descriptor has fewer
introduction points than specified in
HiddenServiceNumIntroductionPoints. Closes ticket 21598.
HiddenServiceNumIntroductionPoints. Closes tickets 21598.
- Log a message when a hidden service reaches its introduction point
circuit limit, and when that limit is reset. Follow up to ticket
21594, closes ticket 21622.
21594; closes ticket 21622.
- Warn user if multiple entries in EntryNodes and at least one
HiddenService are used together. Pinning EntryNodes along with an
hidden service can be possibly harmful for instance see ticket
HiddenService are used together. Pinning EntryNodes along with a
hidden service can be possibly harmful; for instance see ticket
14917 or 21155. Closes ticket 21155.
o Minor features (include in torrc config files):
o Minor features (config options):
- Allow "%include" directives in torrc configuration files. These
directives import the settings from other files, or from all the
files in a directory. Closes ticket 1922. Code by Daniel Pinto.
- Make SAVECONF return error when overwriting a torrc that has
- Make SAVECONF return an error when overwriting a torrc that has
includes. Using SAVECONF with the FORCE option will allow it to
overwrite torrc even if includes are used. Related to ticket 1922.
- Add "GETINFO config-can-saveconf" to tell controllers if SAVECONF
@ -136,7 +135,8 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
from toralf.
o Minor features (performance):
- Our Keccak implementation now accesses memory more efficiently,
- Our Keccak (SHA-3) implementation now accesses memory more
efficiently,
especially on little-endian systems. Closes ticket 21737.
- Add an O(1) implementation of channel_find_by_global_id(), to
speed some controller functions.
@ -147,7 +147,7 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
4998; patch by Daniel Pinto.
o Minor features (safety):
- Add an explict check to extrainfo_parse_entry_from_string() for
- Add an explicit check to extrainfo_parse_entry_from_string() for
NULL inputs. We don't believe this can actually happen, but it may
help silence a warning from the Clang analyzer. Closes
ticket 21496.
@ -190,20 +190,21 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
unify CircuitIdleTimeout and PredictedPortsRelevanceTime into a
single option called CircuitsAvailableTimeout. Also, allow the
consensus to control the default values for both this preference
and lifespan of relay-to-relay connections. Fixes bug 17592;
and the lifespan of relay-to-relay connections. Fixes bug 17592;
bugfix on 0.2.5.5-alpha.
- Increase the intial circuit build timeout testing frequency, to
- Increase the initial circuit build timeout testing frequency, to
help ensure that ReducedConnectionPadding clients finish learning
a timeout before their orconn would expire. The initial testing
rate was set back in the days of TAP and before the Tor Browser
updater, when we had to be much more careful about new clients
making lots of circuits. With this change, a circuit build time is
learned in about 15-20 minutes, instead of ~100-120 minutes.
making lots of circuits. With this change, a circuit build timeout is
learned in about 15-20 minutes, instead of 100-120 minutes.
o Minor bugfixes (connection usage):
- Relays now log hourly statistics on the total number of
- Relays now log hourly statistics (look for
"channel_check_for_duplicates" lines) on the total number of
connections to other relays. If the number of connections per
relay unexpectedly large, this log message is at notice level.
relay is unexpectedly large, this log message is at notice level.
Otherwise it is at info.
- We use NETINFO cells to try to determine if both relays involved
in a connection will agree on the canonical status of that
@ -215,12 +216,12 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
relays. Fixes bug 17604; bugfix on 0.2.5.5-alpha.
o Minor bugfixes (controller):
- GETINFO onions/current and onions/detached no longer 551 on empty
lists. Fixes bug 21329; bugfix on 0.2.7.1-alpha.
- GETINFO onions/current and onions/detached no longer respond with
551 on empty lists. Fixes bug 21329; bugfix on 0.2.7.1-alpha.
- Trigger HS descriptor events on the control port when the client
fails to pick a hidden service directory for a hidden service.
This can happen if they all hidden service directories are in
ExcludeNodes, or they have all been queried inside the last 15
This can happen if all the hidden service directories are in
ExcludeNodes, or they have all been queried within the last 15
minutes. Fixes bug 22042; bugfix on 0.2.5.2-alpha.
o Minor bugfixes (directory authority):
@ -250,9 +251,9 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
selected. Fixes bug 20913; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (hidden services):
- Stop printing a cryptic warning when a client tries to connect to
invalid port on a hidden service. Fixes bug 16706; bugfix
on 0.2.6.3-alpha.
- Stop printing a cryptic warning when a hidden service gets a request
to connect to a virtual port that it hasn't configured. Fixes bug
16706; bugfix on 0.2.6.3-alpha.
- Simplify hidden service descriptor creation by using an existing
flag to check if an introduction point is established. Fixes bug
21599; bugfix on 0.2.7.2-alpha.
@ -268,15 +269,15 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
21293; bugfix on 0.1.1.14-alpha.
o Minor bugfixes (testing):
- Make test-network.sh always call chutney's test-network.sh.
Previously, this only worked on systems which had bash installed,
due to some bash-specific code in the script. Fixes bug 19699;
bugfix on 0.3.0.4-rc. Follow-up to ticket 21581.
- Use unbuffered I/O for utility functions around the
process_handle_t type. This fixes unit test failures reported on
OpenBSD and FreeBSD. Fixes bug 21654; bugfix on 0.2.3.1-alpha.
- Make display of captured unit test log messages consistent. Fixes
bug 21510; bugfix on 0.2.9.3-alpha.
- Make test-network.sh always call chutney's test-network.sh.
Previously, this only worked on systems which had bash installed,
due to some bash-specific code in the script. Fixes bug 19699;
bugfix on 0.3.0.4-rc. Follow-up to ticket 21581.
o Minor bugfixes (voting consistency):
- Reject version numbers with non-numeric prefixes (such as +, -, or
@ -295,9 +296,9 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
- Isolate our use of the openssl headers so that they are only
included from our crypto wrapper modules, and from tests that
examine those modules' internals. Closes ticket 21841.
- Our API to launch directory requests has been simplified to be
more extensible and less error-prone. We'll use this to support
adding extra headers to directory requests. Closes ticket 21646.
- Simplify our API to launch directory requests, making it
more extensible and less error-prone. Now it's easier to add
extra headers to directory requests. Closes ticket 21646.
- Our base64 decoding functions no longer overestimate the output
space that they need when parsing unpadded inputs. Closes
ticket 17868.
@ -327,20 +328,18 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
o Removed features (configuration options, all in ticket 22060):
- These configuration options are now marked Obsolete, and no longer
have any affect: AllowInvalidNodes, AllowSingleHopCircuits,
have any effect: AllowInvalidNodes, AllowSingleHopCircuits,
AllowSingleHopExits, ExcludeSingleHopRelays, FastFirstHopPK,
TLSECGroup, WarnUnsafeSocks. They were first marked as deprecated
in 0.2.9.2-alpha and have now has been removed. The previous
default behavior is now always-on; the previous (less secure) non-
in 0.2.9.2-alpha and have now been removed. The previous
default behavior is now always chosen; the previous (less secure) non-
default behavior is now unavailable.
- CloseHSClientCircuitsImmediatelyOnTimeout was deprecated in
0.2.9.2-alpha and now has been removed. HS circuits never close on
circuit build timeout, they have a longer timeout period.
- CloseHSServiceRendCircuitsImmediatelyOnTimeout was deprecated in
0.2.9.2-alpha and now has been removed. HS circuits never close on
circuit build timeout, they have a long timeout period.
- CloseHSClientCircuitsImmediatelyOnTimeout and
CloseHSServiceRendCircuitsImmediatelyOnTimeout were deprecated in
0.2.9.2-alpha and now have been removed. HS circuits never close
on circuit build timeout; they have a longer timeout period.
- {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress were deprecated
in 0.2.9.2-alpha and now has been removed. Use the ORPort option
in 0.2.9.2-alpha and now have been removed. Use the ORPort option
(and others) to configure listen-only and advertise-only addresses.
o Removed features (tools):