author | Roger Dingledine <arma@torproject.org> | 2008-02-09 17:13:28 +0000 |
---|---|---|
committer | Roger Dingledine <arma@torproject.org> | 2008-02-09 17:13:28 +0000 |
commit | c254ba70c005dbaa926dbfddb678aa61a46ee68e (patch) | |
tree | ef70a93dbc7277662a12ec119bd6311ef59e087c /ChangeLog | |
parent | 965afb4970c4a913d54c8ba4827d0f61453980a4 (diff) | |
download | tor-c254ba70c005dbaa926dbfddb678aa61a46ee68e.tar.gz tor-c254ba70c005dbaa926dbfddb678aa61a46ee68e.zip |
rearrange the changelog
svn:r13446
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 93 |
1 files changed, 48 insertions, 45 deletions
@@ -1,72 +1,75 @@ -Changes in version 0.2.0.19-alpha - 2008-02-?? +Changes in version 0.2.0.19-alpha - 2008-02-09 + o Major features: + - Do not include recognizeable strings in the commonname part of + Tor's x509 certificates. + + o Major bugfixes: + - If we're a relay, avoid picking ourselves as an introduction point, + a rendezvous point, or as the final hop for internal circuits. Bug + reported by taranis and lodger. Bugfix on 0.1.2.x. + - Patch from "Andrew S. Lists" to catch when we contact a directory + mirror at IP address X and he says we look like we're coming from + IP address X. Bugfix on 0.1.2.x. + + o Minor features (security): + - Be more paranoid about overwriting sensitive memory on free(), + as a defensive programming tactic to ensure forward secrecy. + o Minor features (directory authority): - - Actually validate the options passed to AuthDirReject, AuthDirInvalid, - AuthDirBadDir, and AuthDirBadExit. + - Actually validate the options passed to AuthDirReject, + AuthDirInvalid, AuthDirBadDir, and AuthDirBadExit. + - Reject router descriptors with out-of-range bandwidthcapacity or + bandwidthburst values. o Minor features (controller): - Reject controller commands over 1MB in length. This keeps rogue processes from running us out of memory. o Minor features (misc): - - Reject router descriptors with out-of-range bandwidthcapacity or - bandwidthburst values. - Give more descriptive well-formedness errors for out-of-range hidden service descriptor/protocol versions. - - Make memory debugging output describe more about history of cell - allocation. - - o Minor features (security): - - Be slightly more paranoid about overwriting sensitive memory on free, - as a defensive programming tactic to ensure forward secrecy. - - Do not include recognizeable strings in the commonname part of - Tor's x509 certificates. + - Make memory debugging information describe more about history + of cell allocation, so we can help reduce our memory use. 
o Deprecated features (controller): - The status/version/num-versioning and status/version/num-concurring - GETINFO options are no longer useful in the V3 directory protocol: + GETINFO options are no longer useful in the v3 directory protocol: treat them as deprecated, and warn when they're used. - o Major bugfixes: - - If we're a relay, avoid picking ourselves as an introduction point, - a rendezvous point, or as the final hop for internal circuits. Bug - reported by taranis and lodger. Bugfix on 0.1.2.x. - - Patch from "Andrew S. Lists" to catch when we contact a directory - mirror at IP address X and he says we look like we're coming from - IP address X. Bugfix on 0.1.2.x. - o Minor bugfixes: + - When our consensus networkstatus has been expired for a while, stop + being willing to build circuits using it. Fixes bug 401. Bugfix + on 0.1.2.x. - Directory caches now fetch certificates from all authorities listed in a networkstatus consensus, even when they do not - recognize them. Fixes bug 571. Bugfix on 0.2.0.x. - - Stop recommending that every server operator send mail to tor-ops. - Resolves bug 597. Bugfix on 0.1.2.x. - - Detect version of OSX where malloc_good_size is present in the - library but never actually declared. Resolves bug 587. Bugfix - on 0.2.0.x. + recognize them. Fixes bug 571. Bugfix on 0.2.0.x. - When connecting to a bridge without specifying its key, insert the connection into the identity-to-connection map as soon as - a key is learned. Fixes bug 574. Bugfix on 0.2.0.x. - - When our consensus networkstatus has been expired for a while, stop - being willing to build circuits using it. Fixes bug 401. Bugfix on - 0.1.2.x. + a key is learned. Fixes bug 574. Bugfix on 0.2.0.x. + - Detect versions of OS X where malloc_good_size() is present in the + library but never actually declared. Resolves bug 587. Bugfix + on 0.2.0.x. - Stop incorrectly truncating zlib responses to directory authority - signature download requests. Fix for bug 593. 
Bugfix on 0.2.0.x. + signature download requests. Fixes bug 593. Bugfix on 0.2.0.x. + - Stop recommending that every server operator send mail to tor-ops. + Resolves bug 597. Bugfix on 0.1.2.x. - Don't trigger an assert if we start a directory authority with a private IP address (like 127.0.0.1). - - Avoid possible failures when generating a directory with routers with - over-long versions strings, or too many flags set. Bugfix on 0.1.2.x. + - Avoid possible failures when generating a directory with routers + with over-long versions strings, or too many flags set. Bugfix + on 0.1.2.x. - If an attempt to launch a DNS resolve request over the control port fails because we have overrun the limit on the number of connections, tell the controller that the request has failed. - - Avoid using too little bandwidth when Tor skips a few seconds. Bugfix - on 0.1.2.x. + - Avoid using too little bandwidth when our clock skips a few + seconds. Bugfix on 0.1.2.x. - Fix shell error when warning about missing packages in configure - script, on fedora or redhat machines. Bugfix on 0.2.0.x. + script, on Fedora or Red Hat machines. Bugfix on 0.2.0.x. - Do not become confused when receiving a spurious VERSIONS-like cell from a confused v1 client. Bugfix on 0.2.0.x. - - Re-fetch v2 (as well as v0) rend descriptors when all intro points for - a hidden service have failed. Patch from Karsten Loesing. Bugfix on - 0.2.0.x. + - Re-fetch v2 (as well as v0) rendezvous descriptors when all + introduction points for a hidden service have failed. Patch from + Karsten Loesing. Bugfix on 0.2.0.x. o Code simplifications and refactoring: - Remove some needless generality from cpuworker code, for improved 
@@ -74,8 +77,8 @@ Changes in version 0.2.0.19-alpha - 2008-02-?? - Stop overloading the circuit_t.onionskin field for both "onionskin from a CREATE cell that we are waiting for a cpuworker to be assigned" and "onionskin from an EXTEND cell that we are going to - send to an OR as soon as we are connected". - - Add an in-place version of aes_crypt so that we can avoid doing a + send to an OR as soon as we are connected". Might help with bug 600. + - Add an in-place version of aes_crypt() so that we can avoid doing a needless memcpy() call on each cell payload. @@ -92,8 +95,8 @@ Changes in version 0.2.0.18-alpha - 2008-01-25 renegotiating handshake". Disable it again. Resolves bug 590. - We were computing the wrong Content-Length: header for directory responses that need to be compressed on the fly, causing clients - asking for those items to always fail. Bugfix on 0.2.0.x; fixes - bug 593. + asking for those items to always fail. Bugfix on 0.2.0.x; partially + fixes bug 593. o Major features: - Avoid going directly to the directory authorities even if you're a |
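Review bot: In the @@ -1,72 +1,75 @@ hunk, the entry re-added under the new "o Major features:" heading still has the misspelling "recognizeable"; since the line is being rewritten anyway, make it "recognizable". The move also takes the x509 commonname change out of "Minor features (security)", so a reader scanning that heading for hardening changes now finds only the memory-overwrite entry; consider keeping a security label on it. Separately, the commit message says "rearrange", but this hunk also rewords entries ("Be slightly more paranoid" becomes "Be more paranoid", "when Tor skips a few seconds" becomes "when our clock skips a few seconds") and fills in the release date, which the message should mention.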
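Review bot: In the @@ -74,8 +77,8 @@ hunk, "Might help with bug 600." is a guess attached to a refactoring entry, and a changelog reader cannot tell from it whether bug 600 is addressed in this release. Either word it so the uncertainty is explicit about what was observed (for example "Possible fix for bug 600"), or leave the bug reference out of the ChangeLog until the effect is confirmed.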
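Review bot: In the @@ -92,8 +95,8 @@ hunk, "partially fixes bug 593" under 0.2.0.18-alpha does not say which part of the bug remains open. The 0.2.0.19-alpha section in this same patch lists "Stop incorrectly truncating zlib responses ... Fixes bug 593", so a short pointer here to that entry would let readers of the older release notes see where the rest of the fix landed. This also edits the notes of an already dated release (2008-01-25), which goes beyond what the commit message "rearrange the changelog" describes.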