commit ae2856b6f6c3f270f5713a622822106df6be318c Author: Roger Dingledine arma@torproject.org Date: Fri Sep 9 13:51:15 2011 -0400
start an 0.2.3.4-alpha changelog --- ChangeLog | 64 ++++++++++++++++++++++++++++++++++++++++++++++ changes/bug2649a | 5 --- changes/bug2649b | 5 --- changes/bug3327 | 14 ---------- changes/bug3421 | 6 ---- changes/bug3428b | 9 ------ changes/bug3851 | 4 --- changes/bug3894 | 4 --- changes/bug3909 | 3 -- changes/bug3923 | 5 --- changes/replay-firstpart | 13 --------- changes/split_entry_conn | 5 --- 12 files changed, 64 insertions(+), 73 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 1e0f850..75db367 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,67 @@ +Changes in version 0.2.3.4-alpha - 2011-09-?? + o Major bugfixes: + - Avoid an assertion failure when reloading a configuration with + TrackExitHosts changes. Found and fixed by 'laruldan'. Fixes bug + 3923; bugfix on 0.2.2.25-alpha. + + o Major features: + - Relays now try regenerating and uploading their descriptor more + frequently if they are not listed in the consensus, or if the + version of their descriptor listed in the consensus is too + old. This fix should prevent situations where a server declines + to re-publish itself because it has done so too recently, even + though the authorities decided not to list its recent-enough + descriptor. Fix for bug 3327. + + o Minor features (security): + - Check for replays of the public-key encrypted portion of an + INTRODUCE1 cell, in addition to the current check for replays of + the g^x value. This prevents a possible class of active attacks + by an attacker who controls both an introduction point and a + rendezvous point, and who uses the malleability of AES-CTR to + alter the encrypted g^x portion of the INTRODUCE1 cell. We think + that these attacks is infeasible (requiring the attacker to send + on the order of zettabytes of altered cells in a short interval), + but we'd rather block them off in case there are any classes of + this attack that we missed. Reported by Willem Pinckaers. + + o Minor features: + - Add a VoteOnHidServDirectoriesV2 configuration option to allow + directory authorities to abstain from voting on assignment of + the HSDir consensus flag. Related to bug 2649. + - Relays now include a reason for regenerating their descriptors + an HTTP header when uploading to the authorities. This will + make it easier to debug descriptor-upload issues in the future. + - When starting as root and then changing our UID via the User + control option, if we are running with ControlSocket, make sure + that the ControlSocket is owned by the same account that Tor will + run under. Implements ticket 3421; fix by Jérémy Bobbio. + + o Minor bugfixes: + - Change the default required uptime for a relay to be accepted as + a HSDir from 24 hours to 25 hours. Bugfix on 0.2.0.10-alpha; + fixes bug 2649. + - Abort if tor_vasprintf fails in connection_printf_to_buf (a + utility function used in the control-port code). This shouldn't + ever happen unless Tor is completely out of memory, but if it + did happen and Tor somehow recovered from it, Tor could have + sent a log message to a control port in the middle of a reply to + a controller command. Fixes part of bug 3428. + - Make 'FetchUselessDescriptors' cause all descriptor types and + all consensus types to get fetched. Fixes bug 3851; bugfix on + 0.2.3.1-alpha. + + o Build fixes: + - Clean up some code issues that prevented Tor from building on older + BSDs. Fixes bug 3894; reported by "grarpamp". + - Search for a platform-specific version of "ar" when cross-compiling. + Should fix builds on iOS. Found by Marco Bonetti. + + o Code refactoring: + - Make a new "entry connection" struct as an internal subtype of "edge + connection", to simplify the code and make exit connections smaller. + + Changes in version 0.2.3.3-alpha - 2011-09-01 Tor 0.2.3.3-alpha adds a new "stream isolation" feature to improve Tor's security, and provides client-side support for the microdescriptor diff --git a/changes/bug2649a b/changes/bug2649a deleted file mode 100644 index 4ee31eb..0000000 --- a/changes/bug2649a +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Add a VoteOnHidServDirectoriesV2 configuration option to allow - directory authorities to abstain from voting on assignment of - the HSDir consensus flag. Related to bug 2649. - diff --git a/changes/bug2649b b/changes/bug2649b deleted file mode 100644 index 1ff14e5..0000000 --- a/changes/bug2649b +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Change the default required uptime for a relay to be accepted as - a HSDir from 24 hours to 25 hours. Bugfix on 0.2.0.10-alpha; - fixes bug 2649. - diff --git a/changes/bug3327 b/changes/bug3327 deleted file mode 100644 index 454eb31..0000000 --- a/changes/bug3327 +++ /dev/null @@ -1,14 +0,0 @@ - o Major features: - - Relays now try regenerating and uploading their descriptor more - frequently if they are not listed in the consensus, or if the - version of their descriptor listed in the consensus is too - old. This fix should prevent situations where a server declines - to re-publish itself because it has done so too recently, even - though the authorities decided not to list its recent-enough - descriptor. Fix for bug 3327. - - o Minor features: - - Relays now include a reason for regenerating their descriptors - an HTTP header when uploading to the authorities. This will - make it easier to debug descriptor-upload issues in the future. - diff --git a/changes/bug3421 b/changes/bug3421 deleted file mode 100644 index 8a40729..0000000 --- a/changes/bug3421 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features: - - When starting as root and then changing our UID via the User - control option, if we are running with ControlSocket, make sure - that the ControlSocket is owned by the same account that Tor will - run under. Implements ticket 3421; fix by Jérémy Bobbio. - diff --git a/changes/bug3428b b/changes/bug3428b deleted file mode 100644 index 2cdd688..0000000 --- a/changes/bug3428b +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes: - - Abort if tor_vasprintf fails in connection_printf_to_buf (a - utility function used in the control-port code). This shouldn't - ever happen unless Tor is completely out of memory, but if it - had happened and Tor somehow recovered from it, Tor could have - sent a log message to a control port in the middle of a reply to - a controller command. Fixes part of bug 3428. - - diff --git a/changes/bug3851 b/changes/bug3851 deleted file mode 100644 index 91572f0..0000000 --- a/changes/bug3851 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Make 'FetchUselessDescriptors' cause all descriptor types and - all consensus types get fetched. Fixes bug 3851; bugfix on - 0.2.3.1-alpha. diff --git a/changes/bug3894 b/changes/bug3894 deleted file mode 100644 index 4c2220a..0000000 --- a/changes/bug3894 +++ /dev/null @@ -1,4 +0,0 @@ - o Build fixes: - - Clean up some code issues that prevented Tor from building on older - BSDs. Fixes bug 3894; reported by grarpamp. - diff --git a/changes/bug3909 b/changes/bug3909 deleted file mode 100644 index 0b4b292..0000000 --- a/changes/bug3909 +++ /dev/null @@ -1,3 +0,0 @@ - o Build fixes: - - Search for a platform-specific version of "ar" when cross-compiling. - Should fix builds on iOS. Found by Marco Bonetti. diff --git a/changes/bug3923 b/changes/bug3923 deleted file mode 100644 index 9c0e138..0000000 --- a/changes/bug3923 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfies: - - Avoid an assertion failure when reloading a configuration with - TrackExitHosts changes. Found and fixed by 'laruldan'. Fixes - bug 3923; bugfix on 0.2.2.25-alpha. - diff --git a/changes/replay-firstpart b/changes/replay-firstpart deleted file mode 100644 index f4a7767..0000000 --- a/changes/replay-firstpart +++ /dev/null @@ -1,13 +0,0 @@ - o Minor features (security): - - - Check for replays of the public-key encrypted portion of an - INTRODUCE1 cell, in addition to the current check for replays of - the g^x value. This prevents a possible class of active attacks - by an attacker who controls both an introduction point and a - rendezvous point, and who uses the malleability of AES-CTR to - alter the encrypted g^x portion of the INTRODUCE1 cell. We - think that these attacks is infeasible (requiring the attacker - to send on the order of zettabytes of altered cells in a short - interval), but we'd rather block them off in case there are any - classes of this attack that we missed. Reported by dvorak. - diff --git a/changes/split_entry_conn b/changes/split_entry_conn deleted file mode 100644 index c0a2eb6..0000000 --- a/changes/split_entry_conn +++ /dev/null @@ -1,5 +0,0 @@ - o Code refactoring: - - Make "entry connection" in to a new internal subtype of "edge - connection", to simplify the code and make exit connections - smaller. -