diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-02-03 12:04:40 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-02-03 12:04:40 -0500 |
| commit | 7878668cab5076541eea36b904f268c664bb0e39 (patch) | |
| tree | 093bd5f132d48a8f9b2a7f35065042d592f4aed1 | |
| parent | 39606aece5753594bd492edfddbcdd6df13de442 (diff) | |
| download | tor-7878668cab5076541eea36b904f268c664bb0e39.tar.gz tor-7878668cab5076541eea36b904f268c664bb0e39.zip | |
Add a blurb, edit the changelog
| -rw-r--r-- | ChangeLog | 89 |
1 files changed, 50 insertions, 39 deletions
@@ -1,5 +1,14 @@ Changes in version 0.3.0.3-alpha - 2017-02-03 - BLURB BLURB BLURB. + Tor 0.3.0.3-alpha fixes a few significant bugs introduced over the + 0.3.0.x development series, including some that could cause + authorities to behave badly. There is also a fix for a longstanding + bug that could prevent IPv6 exits from working. Tor 0.3.0.3-alpha also + includes some smaller features and bugfixes. + + The Tor 0.3.0.x release series is now in patch-freeze: no additional + features will be considered for inclusion in 0.3.0.x. We suspect that + some bugs will probably remain, however, and we encourage people to + test this release. o Major bugfixes (directory authority): - During voting, when marking a node as a probable sybil, do not @@ -14,20 +23,20 @@ Changes in version 0.3.0.3-alpha - 2017-02-03 o Major bugfixes (entry guards): - Stop trying to build circuits through entry guards for which we - have no descriptor yet. Also, stop crashing if we *do* + have no descriptor. Also, stop crashing in the case that we *do* accidentally try to build a circuit in such a state. Fixes bug 21242; bugfix on 0.3.0.1-alpha. o Major bugfixes (IPv6 Exits): - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects - IPv6 addresses. Instead, only reject a port over IPv6 if the exit - policy rejects that port on more than an IPv6 /16 of addresses. - This bug was made worse by 17027 in 0.2.8.1-alpha, which rejects a - relay's own IPv6 address by default. Fixes bug 21357; bugfix on - commit 004f3f4e53 in 0.2.4.7-alpha. + any IPv6 addresses. Instead, only reject a port over IPv6 if the + exit policy rejects that port on more than an IPv6 /16 of + addresses. This bug was made worse by 17027 in 0.2.8.1-alpha, + which rejected a relay's own IPv6 address by default. Fixes bug + 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha. o Minor feature (client): - - Enable IPv6 traffic by default on the SocksPort. To disable this, + - Enable IPv6 traffic on the SocksPort by default. To disable this, a user will have to specify "NoIPv6Traffic". Closes ticket 21269. o Minor feature (fallback scripts): @@ -36,10 +45,10 @@ Changes in version 0.3.0.3-alpha - 2017-02-03 20174. Patch by haxxpop. o Minor features (ciphersuite selection): + - Clients now advertise a list of ciphersuites closer to the ones + preferred by Firefox. Closes part of ticket 15426. - Allow servers to accept a wider range of ciphersuites, including chacha20-poly1305 and AES-CCM. Closes the other part of 15426. - - Clients now advertise a list of ciphersuites closer to the ones - preferred by Firefox. Closes ticket 15426. o Minor features (controller, configuration): - Each of the *Port options, such as SocksPort, ORPort, ControlPort, @@ -53,23 +62,24 @@ Changes in version 0.3.0.3-alpha - 2017-02-03 in feature 20956. Implements ticket 21300. o Minor features (portability, compilation): - - Autoconf now check to determine if OpenSSL structures are opaque, + - Autoconf now checks to determine if OpenSSL structures are opaque, instead of explicitly checking for OpenSSL version numbers. Part of ticket 21359. - Support building with recent LibreSSL code that uses opaque structures. Closes ticket 21359. o Minor features (relay): - - Allow separation of exit and relay traffic to different source IP - addresses. Closes ticket 17975. Written by Michael Sonntag. + - We now allow separation of exit and relay traffic to different + source IP addresses, using the OutboundBindAddressExit and + OutboundBindAddressOR options respectively. Closes ticket 17975. + Written by Michael Sonntag. o Minor bugfix (logging): - - Don't recommend the use of Tor2web in non anonymous mode. In that - mode, we disable client functionalities and recommending Tor2web - as a solution is a bad idea because in that case client loses all - anonymity. Tor2web should really only be used in very specific - cases and with users *knowing* what they do. Fixes bug 21294; - bugfix on 0.2.9.3-alpha. + - Don't recommend the use of Tor2web in non-anonymous mode. + Recommending Tor2web is a bad idea because the client loses all + anonymity. Tor2web shouldy only be used in specific cases by users + who *know* and understand the issues. Fixes bug 21294; bugfix + on 0.2.9.3-alpha. o Minor bugfixes (client): - Always recover from failures in extend_info_from_node(), in an @@ -90,38 +100,39 @@ Changes in version 0.3.0.3-alpha - 2017-02-03 o Minor bugfixes (configure, autoconf): - Rename the configure option --enable-expensive-hardening to - --enable-fragile-hardening. TROVE-2017-001 was triggerable only - through the expensive hardening which is making the tor daemon - abort when the issue is detected. Thus, it makes tor more at risk - of remote crashes but safer against RCE or heartbleed bug - category. Fixes bug 21290; bugfix on 0.2.5.4-alpha. + --enable-fragile-hardening. Expensive hardening makes the tor + daemon abort when some kinds of issues are detected. Thus, it + makes tor more at risk of remote crashes but safer against RCE or + heartbleed bug category. We now try to explain this issue in a + message from the configure script. Fixes bug 21290; bugfix + on 0.2.5.4-alpha. o Minor bugfixes (controller): - Restore the (deprecated) DROPGUARDS controller command. Fixes bug 20824; bugfix on 0.3.0.1-alpha. o Minor bugfixes (hidden service): - - Cleanup expiring intro point nodes if no circuit is associated to - it anymore. It was causing, rarely, the service to not open enough - introduction points circuit in the case we had dead expiring - nodes.; bugfix on 0.2.7.2-alpha. - - Stop modifying the value of our torrc option - HiddenServiceStatistics just because we're not a bridge or relay. - Use an internal value for what tor should use and keep the torrc - option intact. Fixes bug 21150; bugfix on 0.2.6.2-alpha. + - Clean up the code for expiring intro points with no associated + circuits. It was causing, rarely, a service with some expiring + nodes to not open enough introduction points. Fixes part of bug + 21302; bugfix on 0.2.7.2-alpha. + - Stop setting the torrc option HiddenServiceStatistics to "0" just + because we're not a bridge or relay. Instead, we preserve whatever + value the user set (or didn't set). Fixes bug 21150; bugfix + on 0.2.6.2-alpha. - Two possible underflow which would ultimately lead to creating a lot of introduction points circuits and closing them in a non stop loop. Fixes bug 21302; bugfix on 0.2.7.2-alpha. o Minor bugfixes (portability): - - Use "OpenBSD" pre-defined compiler macro instead of "OPENBSD" or - "__OpenBSD__". It is supported by OpenBSD itself and also most - OpenBSD variants like Bitrig. Fixes bug 20980; bugfix + - Use "OpenBSD" compiler macro instead of "OPENBSD" or "__OpenBSD__". + It is supported by OpenBSD itself, and also by most OpenBSD + variants (such as Bitrig). Fixes bug 20980; bugfix on 0.1.2.1-alpha. - - Do not silently truncate content of files if they are larger than - SIZE_MAX bytes. This issue could occur on 32 bit systems with - large file support and files which are larger than 4 GB. Fixes bug - 21134; bugfix on 0.3.0.1-alpha. + - When mapping a file of length greater than SIZE_MAX, do not + silently its contents. This issue could occur on 32 bit systems + with large file support and files which are larger than 4 GB. + Fixes bug 21134; bugfix on 0.3.0.1-alpha. o Minor bugfixes (tor-resolve): - The tor-resolve command line tool now rejects hostnames over 255 |