Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 165
1 files changed, 83 insertions, 82 deletions
diff --git a/ChangeLog b/ChangeLog
index 7ad8373e25..4182330105 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,18 +2,15 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
This release includes several security and performance improvements
for clients and relays, including XXX
+ This release marks end-of-line for Tor 0.2.2.x; those Tor versions have
+ accumulated many known flaws; everyone should upgrade.
+
o Major features (security):
- Block authority signing keys that were used on an authorities
vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160). (We
don't have any evidence that these keys _were_ compromised; we're
doing this to be prudent.) Resolves ticket 11464.
- o Deprecated versions:
- - Tor 0.2.2.x has reached end-of-life; it has received no patches or
- attention for some while. Directory authorities no longer accept
- descriptors from Tor relays running any version of Tor prior to
- Tor 0.2.3.16-alpha. Resolves ticket 11149.
-
o Major features (relay performance):
- Faster server-side lookups of rendezvous and introduction point
circuits by using hashtables instead of linear searches over all
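Review bot: the new intro sentence says "end-of-line for Tor 0.2.2.x" where the rest of this changelog (including the "Deprecated versions" entry this hunk removes) uses "end-of-life"; suggest "This release marks end-of-life for Tor 0.2.2.x". The intro also still carries the "including XXX" placeholder and the "2014-04-??" date, which should be filled in before the release is tagged. Moving "Deprecated versions" out of the major-features area is reasonable, but the intro sentence now states the fact without the 0.2.3.16-alpha cutoff that only the relocated entry gives, so consider repeating the cutoff version here.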
@@ -56,6 +53,11 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
list is now well-considered, whereas the client list has been
chosen mainly for anti-fingerprinting purposes.) Resolves ticket
11528.
+ - Update the list of TLS cipehrsuites that a client advertises to
+ match those advertised by Firefox 28. This enables selection of
+ (fast) GCM ciphersuites, disables some strange old ciphers, and
+ disables the ECDH (not to be confused with ECDHE) ciphersuites.
+ Resolves ticket 11438.
o Major bugfixes (undefined behavior):
- Fix two instances of possible undefined behavior in channeltls.c
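Review bot: "cipehrsuites" on the first added line should be "ciphersuites"; the typo is carried over verbatim from the entry removed later in this diff, so fix it while moving it. Relocating the client ciphersuite entry to sit beside the server-side ciphersuite entry makes the ECDH-versus-ECDHE distinction easier to follow, but note the entry now inherits this section's heading rather than "performance, compatibility", so confirm the heading above it still describes it.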
@@ -72,11 +74,79 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
some miscellaneous errors in our tests and codebase. Fix for bug
11232. Bugfixes on versions back as far as 0.2.1.11-alpha.
+ o Minor features (Transparent proxy, *BSD):
+ - Support the ipfw firewall interface for transparent proxy support
+ on FreeBSD. To enable it, set "TransProxyType ipfw" in your torrc.
+ Resolves ticket 10267; patch from "yurivict".
+ - Support OpenBSD's divert-to rules with the pf firewall, when
+ "TransProxyType pf-divert" is specified. This allows Tor to run a
+ TransPort transparent proxy port on OpenBSD 4.4 or later without
+ root privileges. See the pf.conf(5) manual page for information on
+ configuring pf to use divert-to rules. Closes ticket 10896; patch
+ from Dana Koch.
+
+ o Minor features (security):
+ - New --enable-expensive-hardening option to turn on security
+ hardening options that consume nontrivial amounts of CPU and
+ memory. Right now, this includes AddressSanitizer and UbSan.
+ Closes ticket 11477.
+ - If you don't specify MaxMemInQueues yourself, Tor now tries to
+ pick a good value based on your total system memory. Previously,
+ the default was always 8 GB. You can still override the default by
+ setting MaxMemInQueues yourself. Resolves ticket 11396.
+
+ o Minor features (log verbosity):
+ - Demote the message that we give when a flushing connection times
+ out for too long from NOTICE to INFO. It was usually meaningless.
+ Resolves ticket 5286.
+ - Don't log so many notice-level bootstrapping messages at startup
+ about downloading descriptors. Previously, we'd log a notice
+ whenever we learned about more routers. Now, we only log a notice
+ at every 5% of progress. Fixes bug 9963.
+
+ o Minor features (relay):
+ - If a circuit timed out for at least 3 minutes check if we have a
+ new external IP address the next time we run our routine checks.
+ If our IP address has changed, then publish a new descriptor with
+ the new IP address. Resolves ticket 2454.
+ - Warn less verbosely when receiving a misformed
+ ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279.
+ - When we run out of usable circuit IDs on a channel, log only one
+ warning for the whole channel, and include a description of how
+ many circuits there were on the channel. Fix for part of ticket
+ #11553.
+
+ o Minor features (controller):
+ - Make the entire exit policy available from the control port via
+ GETINFO exit-policy/*. Implements enhancement #7952. Patch from
+ "rl1987".
+ - Because of the fix for ticket 11396, the real limit for memory
+ usage may no longer match the configured MaxMemInQueues value. The
+ real limit is now exposed via GETINFO limits/max-mem-in-queues.
+
+ o Minor features (misc):
+ - Always check return values for unlink, munmap, UnmapViewOfFile;
+ check strftime return values more often. In some cases all we can
+ do is report a warning, but this may help prevent deeper bugs from
+ going unnoticed. Closes ticket 8787.
+
+ o Minor features (bridge client):
+ - Report a failure to connect to a bridge because its transport type
+ has no configured pluggable transport as a new type of bootstrap
+ failure. Resolves ticket 9665. Patch from Fábio J. Bertinatto.
+
+ o Minor features (diagnostic):
+ - Try harder to diagnose a possible cause of bug 7164, which causes
+ intermittent "microdesc_free() called but md was still referenced"
+ warnings. We now log more information about the likely error case,
+ to try to figure out why we might be cleaning a microdescriptor as
+ old if it's still referenced by a live node.
+
o Minor bugfixes (logging):
- Log only one message when we start logging in an unsafe way.
Previously, we would log as many messages as we had problems. Fix
for #9870; bugfix on 0.2.5.1-alpha.
- - Using the Linux syscall sandbox no longer prevents stack-trace
+ - Using the Linux seccomp2 sandbox no longer prevents stack-trace
logging on crashes or errors. Fixes part 11465; bugfix on
0.2.5.1-alpha.
- Only report the first fatal boostrap error on a given OR
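Review bot: "misformed" in the ESTABLISH_RENDEZVOUS entry should be "malformed". The moved entries are otherwise identical to the ones removed further down, with one real change worth a second look: the heading "Minor features (usability)" became "Minor features (log verbosity)", which fits the two entries better. The changed sandbox line ("seccomp2 sandbox" for "syscall sandbox") is a good precision fix, but the following context line "Fixes part 11465" still reads as if a word is missing ("Fixes part of 11465"). Ticket references also mix "Resolves ticket 2454", "Closes ticket 8787", "Fixes ticket 11279" and "#11553" styles; picking one form would help anyone grepping the changelog. The MaxMemInQueues entry and the new "GETINFO limits/max-mem-in-queues" controller entry cross-reference each other correctly.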
@@ -169,86 +239,11 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
- Stop leaking memory when we successfully resolve a PTR record.
Fixes bug 11437; bugfix on 0.2.4.7-alpha.
- o Minor features (Transparent proxy):
- - Support the ipfw firewall interface for transparent proxy support
- on FreeBSD. To enable it, set "TransProxyType ipfw" in your torrc.
- Resolves ticket 10267; patch from "yurivict".
- - Support OpenBSD's divert-to rules with the pf firewall, when
- "TransProxyType pf-divert" is specified. This allows Tor to run a
- TransPort transparent proxy port on OpenBSD 4.4 or later without
- root privileges. See the pf.conf(5) manual page for information on
- configuring pf to use divert-to rules. Closes ticket 10896; patch
- from Dana Koch.
-
- o Minor features (security):
- - New --enable-expensive-hardening option to turn on security
- hardening options that consume nontrivial amounts of CPU and
- memory. Right now, this includes AddressSanitizer and UbSan.
- Closes ticket 11477.
- - If you don't specify MaxMemInQueues yourself, Tor now tries to
- pick a good value based on your total system memory. Previously,
- the default was always 8 GB. You can still override the default by
- setting MaxMemInQueues yourself. Resolves ticket 11396.
-
- o Minor features (usability):
- - Demote the message that we give when a flushing connection times
- out for too long from NOTICE to INFO. It was usually meaningless.
- Resolves ticket 5286.
- - Don't log so many notice-level bootstrapping messages at startup
- about downloading descriptors. Previously, we'd log a notice
- whenever we learned about more routers. Now, we only log a notice
- at every 5% of progress. Fixes bug 9963.
-
- o Minor features (performance, compatibility):
- - Update the list of TLS cipehrsuites that a client advertises to
- match those advertised by Firefox 28. This enables selection of
- (fast) GCM ciphersuites, disables some strange old ciphers, and
- disables the ECDH (not to be confused with ECDHE) ciphersuites.
- Resolves ticket 11438.
-
o Minor bugfixes (IPv6):
- When using DNSPort and AutomapHostsOnResolve, respond to AAAA
requests with AAAA automapped answers. Fixes bug 10468; bugfix on
0.2.4.7-alpha.
- o Minor features (relay):
- - If a circuit timed out for at least 3 minutes check if we have a
- new external IP address the next time we run our routine checks.
- If our IP address has changed, then publish a new descriptor with
- the new IP address. Resolves ticket 2454.
- - Warn less verbosely when receiving a misformed
- ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279.
- - When we run out of usable circuit IDs on a channel, log only one
- warning for the whole channel, and include a description of how
- many circuits there were on the channel. Fix for part of ticket
- #11553.
-
- o Minor features (controller):
- - Make the entire exit policy available from the control port via
- GETINFO exit-policy/*. Implements enhancement #7952. Patch from
- "rl1987".
- - Because of the fix for ticket 11396, the real limit for memory
- usage may no longer match the configured MaxMemInQueues value. The
- real limit is now exposed via GETINFO limits/max-mem-in-queues.
-
- o Minor features (misc):
- - Always check return values for unlink, munmap, UnmapViewOfFile;
- check strftime return values more often. In some cases all we can
- do is report a warning, but this may help prevent deeper bugs from
- going unnoticed. Closes ticket 8787.
-
- o Minor features (bridge client):
- - Report a failure to connect to a bridge because its transport type
- has no configured pluggable transport as a new type of bootstrap
- failure. Resolves ticket 9665. Patch from Fábio J. Bertinatto.
-
- o Minor features (diagnostic):
- - Try harder to diagnose a possible cause of bug 7164, which causes
- intermittent "microdesc_free() called but md was still referenced"
- warnings. We now log more information about the likely error case,
- to try to figure out why we might be cleaning a microdescriptor as
- old if it's still referenced by a live node.
-
o Documentation:
- Build the torify.1 manpage again. Previously, we were only trying
to build it when also building tor-fw-helper. That's why we didn't
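Review bot: every entry removed in this hunk has a matching "+" copy earlier in the diff, so nothing is dropped; the only substantive differences are the two heading changes ("usability" to "log verbosity", and the "performance, compatibility" section dissolved into the section holding the other ciphersuite entry). Since the removed copies still contain "cipehrsuites" and "misformed", make sure the corrected spellings land in the moved copies rather than being lost in the relocation.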
@@ -268,6 +263,12 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
- Change our use of the ENUM_BF macro to avoid declarations that
confuse Doxygen.
+ o Deprecated versions:
+ - Tor 0.2.2.x has reached end-of-life; it has received no patches or
+ attention for some while. Directory authorities no longer accept
+ descriptors from Tor relays running any version of Tor prior to
+ Tor 0.2.3.16-alpha. Resolves ticket 11149.
+
o Testing:
- New macros in test.h to simplify writting mock-functions for unit
tests. Part of ticket 11507. Patch from Dana Koch.
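Review bot: the re-added "Deprecated versions" section uses "end-of-life", which conflicts with "end-of-line" in the intro added by the first hunk; align the two. Placing this section after "Documentation" and before "Testing" is consistent with keeping operational notices out of the features list, and the 0.2.3.16-alpha acceptance cutoff is preserved verbatim. Unrelated but adjacent: the context line "simplify writting mock-functions" has "writting" for "writing" if a follow-up typo pass is planned.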