summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2014-03-18 22:52:09 -0400
committerNick Mathewson <nickm@torproject.org>2014-03-18 22:52:09 -0400
commit1dc000f7df5092e0d6ff2c5b840aeecf2e4b284c (patch)
tree19baf175e0713cbf21c98ea2cd27c0a934917f42
parent42e7eb7017bfa6ff5ae955be3d762915d01fc02c (diff)
downloadtor-1dc000f7df5092e0d6ff2c5b840aeecf2e4b284c.tar.gz
tor-1dc000f7df5092e0d6ff2c5b840aeecf2e4b284c.zip
copy-edit the 0.2.5.3-alpha changelog even more
-rw-r--r--ChangeLog90
1 files changed, 43 insertions, 47 deletions
diff --git a/ChangeLog b/ChangeLog
index 01bd93b941..5d749114b8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,34 +1,33 @@
Changes in version 0.2.5.3-alpha - 2014-03-??
Tor 0.2.5.3-alpha includes all the fixes from 0.2.4.21. It contains
- two new anti-DoS features for Tor nodes, resolves a bug that was
- keeping SOCKS5 support for IPv6 from working, fixes several annoying
- usability issues for bridge users, and removes more old
- code for unused directory formats.
+ two new anti-DoS features for Tor nodes, resolves a bug that kept
+ SOCKS5 support for IPv6 from working, fixes several annoying usability
+ issues for bridge users, and removes more old code for unused
+ directory formats.
The Tor 0.2.5.x release series is now in patch-freeze: no feature
patches not already written will be considered for inclusion in
0.2.5.x.
o Major features (server security, DoS-resistance):
- - When we run out of memory and we need to close circuits, also
- consider how much memory is allocated in buffers for streams
- attached to each circuit.
+ - When deciding whether we have run out of memory and we need to
+ close circuits, also consider memory allocated in buffers for
+ streams attached to each circuit.
This change, which extends an anti-DoS feature introduced in
0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit nodes
better resist more memory-based DoS attacks than before. Since the
- MaxMemInCellQueues option now applies to all queues, not only cell
- queues, it is now renamed to MaxMemInQueues. This feature fixes
- bug 10169.
+ MaxMemInCellQueues option now applies to all queues, it is renamed
+ to MaxMemInQueues. This feature fixes bug 10169.
- Avoid hash-flooding denial-of-service attacks by using the secure
SipHash-2-4 hash function for our hashtables. Without this
feature, an attacker could degrade performance of a targeted
client or server by flooding their data structures with a large
- number of data entries all calculated to be stored at the same
- hash table position, thereby slowing down hash table operations.
- With this feature, hash table positions are derived from a
- randomized cryptographic key, and an attacker cannot predict which
- entries will collide. Closes ticket 4900.
+ number of entries to be stored at the same hash table position,
+ thereby slowing down the Tor instance. With this feature, hash
+ table positions are derived from a randomized cryptographic key,
+ and an attacker cannot predict which entries will collide. Closes
+ ticket 4900.
- Decrease the lower limit of MaxMemInQueues to 256 MBytes, to
better support Raspberry Pi users. Fixes bug 9686; bugfix on
0.2.4.14-alpha.
@@ -36,11 +35,11 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
o Minor features (bridges, pluggable transports):
- Bridges now write the SHA1 digest of their identity key
fingerprint (that is, a hash of a hash of their public key) to
- notice-level logs and to a new hashed-fingerprint file. This will
- help bridge operatorslook up their bridge in Globe and similar
- tools. Resolves ticket 10884.
- - Improve the message that gets displayed when Tor as a bridge is
- using pluggable transports but doesn't have an Extended ORPort
+ notice-level logs, and to a new hashed-fingerprint file. This
+ information will help bridge operators look up their bridge in
+ Globe and similar tools. Resolves ticket 10884.
+ - Improve the message that Tor displays when running as a bridge
+ using pluggable transports without an Extended ORPort
listener. Also, log the message in the log file too. Resolves
ticket 11043.
- Stop giving annoying warning messages when we decide not to launch
@@ -50,7 +49,7 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
o Minor features (other):
- Add a new option, PredictedPortsRelevanceTime, to control how long
after having received a request to connect to a given port Tor
- will try to keep circuits ready in anticipation of future request
+ will try to keep circuits ready in anticipation of future requests
for that port. Patch from "unixninja92"; implements ticket 9176.
- Generate a warning if any ports are listed in the SocksPolicy,
DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
@@ -74,23 +73,22 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
bugfix on 0.2.5.1-alpha. Patch from Dana Koch.
o Minor bugfixes (client):
- - Fix connections to IPv6 addresses over SOCKS5; previously, we were
+ - Fix connections to IPv6 addresses over SOCKS5. Previously, we were
generating incorrect SOCKS5 responses, and confusing client
applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha.
- - Raises a control port warning when we fail to connect to all of
- our bridges. Previously, we didn't let the controller know, which
- would make the bootstrap process stall. Fixes bug 11069; bugfix on
+ - Raise a control port warning when we fail to connect to all of
+ our bridges. Previously, we didn't inform the controller, and
+ the bootstrap process would stall. Fixes bug 11069; bugfix on
tor-0.2.1.2-alpha.
- Exit immediately when a process-owning controller exits.
Previously, tor relays would wait for a little while after their
- controller exited, as if they had gotten an INT signal-- but this
- was problematic, since there was no feedback for the
- user. Controllers that want to do a clean shutdown should send an
- INT signal to let the user know what's going on. Fix for bug
- 10449; bugfix on 0.2.2.28-beta.
+ controller exited, as if they had gotten an INT signal--but this
+ was problematic, since there was no feedback for the user. To do a
+ clean shutdown, controllers should send an INT signal and give Tor
+ a chance to clean up. Fix for bug 10449; bugfix on 0.2.2.28-beta.
- Improve the log message when we can't connect to a hidden service
- because we have excluded all of the hidden service directory nodes
- hosting its descriptor. Improves on our fix for bug 10722, which
+ because all of the hidden service directory nodes hosting its
+ descriptor are excluded. Improves on our fix for bug 10722, which
was a bugfix on 0.2.0.10-alpha.
- Fix a bug where we would attempt to connect to bridges before our
pluggable transports were configured, which resulted in some
@@ -103,9 +101,8 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
bugfix on 0.2.1.7-alpha. Patch from Matt Pagan.
- Avoid crashing on a malformed resolv.conf file when running a
server using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23.
- - Give the correct URL in the warning message that we present when
- trying to run a Tor relay on an ancient version of Windows. Fixes
- bug 9393.
+ - Give the correct URL in the warning message when trying to run a
+ Tor relay on an ancient version of Windows. Fixes bug 9393.
- Bridges now never collect statistics that were designed for
relays. Fix for bug 5824; bugfix on 0.2.3.8-alpha.
- Bridges now report complete directory request statistics. Related
@@ -116,7 +113,7 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
-fasynchronous-unwind-tables compiler option. This option is
needed for platforms like 32-bit Intel where -fomit-frame-pointer
is on by default and table generation is not. This doesn't yet
- add Windows support yet; only Linux, OSX, and some BSD are
+ add Windows support yet; only Linux, OSX, and some BSDs are
affected. Reported by 'cypherpunks'; fixes bug 11047; bugfix on
0.2.5.2-alpha.
- Avoid strange behavior if two threads hit failed assertions at the
@@ -125,9 +122,8 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
intermediate results in the same buffer, and generated junk
outputs.) Reported by "cypherpunks". Fixes bug 11048; bugfix on
0.2.5.2-alpha.
- - Fix a 64-to-32-conversion compiler warning in
- format_number_sigsafe(). Bugfix on 0.2.5.2-alpha; patch from Nick
- Hopper.
+ - Fix a compiler warning in format_number_sigsafe(). Bugfix on
+ 0.2.5.2-alpha; patch from Nick Hopper.
o Removed code:
- Remove all remaining code related to version-0 hidden service
@@ -135,18 +131,18 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
the rest of bug 10841.
o Documentation:
- - Explain that SocksPolicy, DirPolicy, and their allies don't take
- port arguments. Fixes ticket 11108.
- - Fix the max client name length in the manpage's description of
- HiddenServiceAuthorizeClient description: it should have been 16,
- not 19. Fixes bug 11118; bugfix on 0.2.1.6-alpha.
- - Document in the manpage that "KBytes" may also be written as
- "kilobytes" or "KB", that "Kbits" may also be written as
- "kilobits", and so forth. Closes ticket 9222.
+ - Explain that SocksPolicy, DirPolicy, and similar options don't
+ take port arguments. Fixes ticket 11108.
+ - Fix the manpage's description of HiddenServiceAuthorizeClient
+ description: it should have given the maximum client name length
+ as 16, not 19. Fixes bug 11118; bugfix on 0.2.1.6-alpha.
- Fix a comment about the rend_server_descriptor_t.protocols field
to more accurately describe its range. Also, make that field
unsigned, to more accurately reflect its usage. Fixes bug 9099;
bugfix on 0.2.1.5-alpha.
+ - Document in the manpage that "KBytes" may also be written as
+ "kilobytes" or "KB", that "Kbits" may also be written as
+ "kilobits", and so forth. Closes ticket 9222.
o Code simplifications and refactoring:
- Get rid of router->address, since in all cases it was just the