aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorRoger Dingledine <arma@torproject.org>2006-10-05 08:23:21 +0000
committerRoger Dingledine <arma@torproject.org>2006-10-05 08:23:21 +0000
commit64b5fd3194446aefe39480d0caf15d72531572d1 (patch)
tree4457eaa73fc7e801b0f28ff6e03a336cd891ba5d /ChangeLog
parent8c1121231720d659e2ad17db87ef58410b5bc867 (diff)
downloadtor-64b5fd3194446aefe39480d0caf15d72531572d1.tar.gz
tor-64b5fd3194446aefe39480d0caf15d72531572d1.zip
checkpoint some cleanups
svn:r8599
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog79
1 files changed, 38 insertions, 41 deletions
diff --git a/ChangeLog b/ChangeLog
index 745f1cf4f0..95a896f460 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,80 +9,77 @@ Changes in version 0.1.2.2-alpha - 2006-10-??
lookups; see doc/socks-extensions.txt for full information.
- Add a BEGIN_DIR relay cell type for an easier in-protocol way to
connect to directory servers through Tor. Previously, clients
- could only connect to directory servers over Tor from exit nodes,
- but couldn't get directory information anonymously from a non-exit
- cache without getting a separate exit node involved.
+ could only connect to directory servers over Tor from exit nodes.
o Minor features:
- Check for name servers (like Earthlink's) that hijack failing DNS
requests and replace the no-such-server answer with a "helpful"
- redirect to an advertising-driven search portal. We're a little
+ redirect to an advertising-driven search portal. We're a little
clever about this, in order to work around DNS hijackers who
"helpfully" decline to hijack known-invalid RFC2606 addresses.
Config option "ServerDNSDetectHijacking 0" lets you turn it off.
- When asked to resolve a hostname, don't use non-exit servers unless
- requested to do so. This allows servers with broken DNS to
- be useful to the network.
+ requested to do so. This allows servers with broken DNS to be
+ useful to the network.
- Add an "EnforceDistinctSubnets" option to control our "exclude
servers on the same /16" behavior. It's still on by default; this
is mostly for people who want to operate private test networks with
all the machines on the same subnet.
- If one of our entry guards is on the ExcludeNodes list, or the
- directory authorities don't think it's a good guard, treat it as if it
- were unlisted: stop using it as a guard, and throw it off the guards
- list if it stays that way for a long time.
- - Allow directory authorities to be marked separately as authorities for
- the v1 directory protocol, the v2 directory protocol, and as hidden
- service directories, to make it easier to retire old authorities.
- V1 authorities should set "HSAuthoritativeDir 1" to continue being
- hidden service authorities too.
- - Reserve the nickname "Unnamed" for routers that can't pick a hostname;
- any router can call itself Unnamed; directory servers will never
- allocate Unnamed to any particular router; clients won't believe that
- any router is the canonical Unnamed.
- - New controller event to alert the controller when our server descriptor
- has changed.
+ directory authorities don't think it's a good guard, treat it as
+ if it were unlisted: stop using it as a guard, and throw it off
+ the guards list if it stays that way for a long time.
+ - Allow directory authorities to be marked separately as authorities
+ for the v1 directory protocol, the v2 directory protocol, and
+ as hidden service directories, to make it easier to retire old
+ authorities. V1 authorities should set "HSAuthoritativeDir 1"
+ to continue being hidden service authorities too.
+ - Reserve the nickname "Unnamed" for routers that can't pick
+ a hostname; any router can call itself Unnamed; directory
+ authorities will never allocate Unnamed to any particular router;
+ clients won't believe that any router is the canonical Unnamed.
+ - New controller event to alert the controller when our server
+ descriptor has changed.
- Only include function names in log messages for debugging messages;
- in other cases, the content of the message should be clear on its own,
- and including the function name only seems to confuse users.
- - Fix CIRC controller events so that controllers can learn the identity
- digests of non-Named servers used in circuit paths. (Fixes bug 336.)
- - Avoid choosing Exit nodes for entry or middle hops when the bandwidth
- available in non-Exit nodes is much higher then the bandwidth available
- in Exit nodes. (Fixes bug 200.)
+ in other cases, the content of the message should be clear on its
+ own, and including the function name only seems to confuse users.
+ - Fix CIRC controller events so that controllers can learn the
+ identity digests of non-Named servers used in circuit paths.
+ - Avoid choosing Exit nodes for entry or middle hops when the
+ bandwidth available in non-Exit nodes is much higher than the
+ bandwidth available in Exit nodes.
- Give more meaningful errors on control authentication failure.
- Avoid possibility of controller-triggered crash when misusing certain
commands from a v0 controller on platforms that do not handle
printf("%s",NULL) gracefully.
- - When deciding whether an IP is "local", check for IPs on the same /24
- as us. This prevents some false positives during reachability
- detection.
- - Avoid possibility of controller-triggered crash when misusing certain
- commands from a v0 controller on platforms that do not handle
+ - Avoid some false positives during reachability testing: don't try
+ to test via a server that's on the same /24 as us.
+ - Avoid controller-triggered crash when misusing certain commands
+ from a v0 controller on platforms that do not handle
printf("%s",NULL) gracefully.
- Add an (off by default) feature so that controllers can get more useful
- identifiers for servers. Instead of learning identity digests for
+ identifiers for servers. Instead of learning identity digests for
un-Named servers and nicknames for Named servers, the new identifiers
- include digest, nickname, and indication of Named status. See
+ include digest, nickname, and indication of Named status. See
control-spec.txt for more information.
o Security Fixes, minor:
- - If a client asked for a server by name, and we didn't have a
- descriptor for a named server with that name, we might return an
- old one.
+ - If a client asked for a server by name, and there's a named server
+ in our network-status but we don't have its descriptor yet, we
+ would return an unnamed one instead.
- Fix NetBSD bug that could allow someone to force uninitialized RAM
to be sent to a server's DNS resolver. This only affects NetBSD
and other platforms that do not bounds-check tolower().
- - Reject (most) attempts to use Tor as a one-hop proxy; if many people
- start using Tor as a one-hop proxy, exit nodes become a more attractive
- target for compromise. (Fixes bug 303.)
+ - Reject (most) attempts to use Tor circuits with length one. (If
+ many people start using Tor as a one-hop proxy, exit nodes become
+ a more attractive target for compromise.)
- Just because your DirPort is open doesn't mean people should be
able to remotely teach you about hidden service descriptors. Now
only accept rendezvous posts if you've got HSAuthoritativeDir set.
o Major bugfixes:
- Avoiding crashing on race condition in dns.c:
- tor_assert(! resolve->expire)
+ tor_assert(!resolve->expire)
- When a client asks the server to resolve (not connect to)
an address, and it has a cached answer, give them the cached answer.
Previously, the server would give them no answer at all.