commit 1dc000f7df5092e0d6ff2c5b840aeecf2e4b284c
Author: Nick Mathewson nickm@torproject.org
Date: Tue Mar 18 22:52:09 2014 -0400

copy-edit the 0.2.5.3-alpha changelog even more
---
ChangeLog | 90 +++++++++++++++++++++++++++++--------------------------------
1 file changed, 43 insertions(+), 47 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 01bd93b..5d74911 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,34 +1,33 @@ Changes in version 0.2.5.3-alpha - 2014-03-?? Tor 0.2.5.3-alpha includes all the fixes from 0.2.4.21. It contains - two new anti-DoS features for Tor nodes, resolves a bug that was - keeping SOCKS5 support for IPv6 from working, fixes several annoying - usability issues for bridge users, and removes more old - code for unused directory formats. + two new anti-DoS features for Tor nodes, resolves a bug that kept + SOCKS5 support for IPv6 from working, fixes several annoying usability + issues for bridge users, and removes more old code for unused + directory formats.
The Tor 0.2.5.x release series is now in patch-freeze: no feature patches not already written will be considered for inclusion in 0.2.5.x.
o Major features (server security, DoS-resistance): - - When we run out of memory and we need to close circuits, also - consider how much memory is allocated in buffers for streams - attached to each circuit. + - When deciding whether we have run out of memory and we need to + close circuits, also consider memory allocated in buffers for + streams attached to each circuit.
This change, which extends an anti-DoS feature introduced in 0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit nodes better resist more memory-based DoS attacks than before. Since the - MaxMemInCellQueues option now applies to all queues, not only cell - queues, it is now renamed to MaxMemInQueues. This feature fixes - bug 10169. + MaxMemInCellQueues option now applies to all queues, it is renamed + to MaxMemInQueues. This feature fixes bug 10169. - Avoid hash-flooding denial-of-service attacks by using the secure SipHash-2-4 hash function for our hashtables. Without this feature, an attacker could degrade performance of a targeted client or server by flooding their data structures with a large - number of data entries all calculated to be stored at the same - hash table position, thereby slowing down hash table operations. - With this feature, hash table positions are derived from a - randomized cryptographic key, and an attacker cannot predict which - entries will collide. Closes ticket 4900. + number of entries to be stored at the same hash table position, + thereby slowing down the Tor instance. With this feature, hash + table positions are derived from a randomized cryptographic key, + and an attacker cannot predict which entries will collide. Closes + ticket 4900. - Decrease the lower limit of MaxMemInQueues to 256 MBytes, to better support Raspberry Pi users. Fixes bug 9686; bugfix on 0.2.4.14-alpha. 
@@ -36,11 +35,11 @@ Changes in version 0.2.5.3-alpha - 2014-03-?? o Minor features (bridges, pluggable transports): - Bridges now write the SHA1 digest of their identity key fingerprint (that is, a hash of a hash of their public key) to - notice-level logs and to a new hashed-fingerprint file. This will - help bridge operatorslook up their bridge in Globe and similar - tools. Resolves ticket 10884. - - Improve the message that gets displayed when Tor as a bridge is - using pluggable transports but doesn't have an Extended ORPort + notice-level logs, and to a new hashed-fingerprint file. This + information will help bridge operators look up their bridge in + Globe and similar tools. Resolves ticket 10884. + - Improve the message that Tor displays when running as a bridge + using pluggable transports without an Extended ORPort listener. Also, log the message in the log file too. Resolves ticket 11043. - Stop giving annoying warning messages when we decide not to launch @@ -50,7 +49,7 @@ Changes in version 0.2.5.3-alpha - 2014-03-?? o Minor features (other): - Add a new option, PredictedPortsRelevanceTime, to control how long after having received a request to connect to a given port Tor - will try to keep circuits ready in anticipation of future request + will try to keep circuits ready in anticipation of future requests for that port. Patch from "unixninja92"; implements ticket 9176. - Generate a warning if any ports are listed in the SocksPolicy, DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or @@ -74,23 +73,22 @@ Changes in version 0.2.5.3-alpha - 2014-03-?? bugfix on 0.2.5.1-alpha. Patch from Dana Koch.
o Minor bugfixes (client): - - Fix connections to IPv6 addresses over SOCKS5; previously, we were + - Fix connections to IPv6 addresses over SOCKS5. Previously, we were generating incorrect SOCKS5 responses, and confusing client applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha. - - Raises a control port warning when we fail to connect to all of - our bridges. Previously, we didn't let the controller know, which - would make the bootstrap process stall. Fixes bug 11069; bugfix on + - Raise a control port warning when we fail to connect to all of + our bridges. Previously, we didn't inform the controller, and + the bootstrap process would stall. Fixes bug 11069; bugfix on tor-0.2.1.2-alpha. - Exit immediately when a process-owning controller exits. Previously, tor relays would wait for a little while after their - controller exited, as if they had gotten an INT signal-- but this - was problematic, since there was no feedback for the - user. Controllers that want to do a clean shutdown should send an - INT signal to let the user know what's going on. Fix for bug - 10449; bugfix on 0.2.2.28-beta. + controller exited, as if they had gotten an INT signal--but this + was problematic, since there was no feedback for the user. To do a + clean shutdown, controllers should send an INT signal and give Tor + a chance to clean up. Fix for bug 10449; bugfix on 0.2.2.28-beta. - Improve the log message when we can't connect to a hidden service - because we have excluded all of the hidden service directory nodes - hosting its descriptor. Improves on our fix for bug 10722, which + because all of the hidden service directory nodes hosting its + descriptor are excluded. Improves on our fix for bug 10722, which was a bugfix on 0.2.0.10-alpha. - Fix a bug where we would attempt to connect to bridges before our pluggable transports were configured, which resulted in some 
@@ -103,9 +101,8 @@ Changes in version 0.2.5.3-alpha - 2014-03-?? bugfix on 0.2.1.7-alpha. Patch from Matt Pagan. - Avoid crashing on a malformed resolv.conf file when running a server using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23. - - Give the correct URL in the warning message that we present when - trying to run a Tor relay on an ancient version of Windows. Fixes - bug 9393. + - Give the correct URL in the warning message when trying to run a + Tor relay on an ancient version of Windows. Fixes bug 9393. - Bridges now never collect statistics that were designed for relays. Fix for bug 5824; bugfix on 0.2.3.8-alpha. - Bridges now report complete directory request statistics. Related @@ -116,7 +113,7 @@ Changes in version 0.2.5.3-alpha - 2014-03-?? -fasynchronous-unwind-tables compiler option. This option is needed for platforms like 32-bit Intel where -fomit-frame-pointer is on by default and table generation is not. This doesn't yet - add Windows support yet; only Linux, OSX, and some BSD are + add Windows support yet; only Linux, OSX, and some BSDs are affected. Reported by 'cypherpunks'; fixes bug 11047; bugfix on 0.2.5.2-alpha. - Avoid strange behavior if two threads hit failed assertions at the @@ -125,9 +122,8 @@ Changes in version 0.2.5.3-alpha - 2014-03-?? intermediate results in the same buffer, and generated junk outputs.) Reported by "cypherpunks". Fixes bug 11048; bugfix on 0.2.5.2-alpha. - - Fix a 64-to-32-conversion compiler warning in - format_number_sigsafe(). Bugfix on 0.2.5.2-alpha; patch from Nick - Hopper. + - Fix a compiler warning in format_number_sigsafe(). Bugfix on + 0.2.5.2-alpha; patch from Nick Hopper.
o Removed code: - Remove all remaining code related to version-0 hidden service @@ -135,18 +131,18 @@ Changes in version 0.2.5.3-alpha - 2014-03-?? the rest of bug 10841.
o Documentation: - - Explain that SocksPolicy, DirPolicy, and their allies don't take - port arguments. Fixes ticket 11108. - - Fix the max client name length in the manpage's description of - HiddenServiceAuthorizeClient description: it should have been 16, - not 19. Fixes bug 11118; bugfix on 0.2.1.6-alpha. - - Document in the manpage that "KBytes" may also be written as - "kilobytes" or "KB", that "Kbits" may also be written as - "kilobits", and so forth. Closes ticket 9222. + - Explain that SocksPolicy, DirPolicy, and similar options don't + take port arguments. Fixes ticket 11108. + - Fix the manpage's description of HiddenServiceAuthorizeClient + description: it should have given the maximum client name length + as 16, not 19. Fixes bug 11118; bugfix on 0.2.1.6-alpha. - Fix a comment about the rend_server_descriptor_t.protocols field to more accurately describe its range. Also, make that field unsigned, to more accurately reflect its usage. Fixes bug 9099; bugfix on 0.2.1.5-alpha. + - Document in the manpage that "KBytes" may also be written as + "kilobytes" or "KB", that "Kbits" may also be written as + "kilobits", and so forth. Closes ticket 9222.
o Code simplifications and refactoring: - Get rid of router->address, since in all cases it was just the
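Review bot: in the first hunk (@@ -1,34 +1,33 @@), the reworded SipHash-2-4 entry drops "all calculated", so "a large number of entries to be stored at the same hash table position" no longer says that the attacker chooses the entries so that they collide, which is the point of the attack being described. Suggest "a large number of entries chosen to be stored at the same hash table position". In the same hunk, "whether we have run out of memory and we need to close circuits" reads better without the second "we", and the header line still carries the placeholder date "2014-03-??".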
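Review bot: in the @@ -36,11 +35,11 @@ hunk, the Extended ORPort entry is reworded but the unchanged sentence that follows it still reads "Also, log the message in the log file too", where "Also" and "too" do the same job; drop one of them while this entry is being edited. The comma added in "notice-level logs, and to a new hashed-fingerprint file" separates two objects of the same verb and is not needed.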
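Review bot: in the @@ -74,23 +73,22 @@ hunk, the process-owning controller entry now gives a reason for sending INT that does not match the problem it states. The kept sentence says the old delay "was problematic, since there was no feedback for the user", while the new advice is to send INT "and give Tor a chance to clean up"; the removed wording "to let the user know what's going on" was what tied the two together. Either keep the user-feedback rationale or state both. Also in this hunk, "bugfix on tor-0.2.1.2-alpha" is written with a "tor-" prefix while the other entries shown use the bare version number.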
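Review bot: the @@ -116,7 +113,7 @@ hunk changes "BSD" to "BSDs" but leaves the doubled "yet" in the same sentence: "This doesn't yet add Windows support yet". Drop one of them in this pass.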
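Review bot: in the @@ -125,9 +122,8 @@ hunk, shortening the entry to "Fix a compiler warning in format_number_sigsafe()" removes the only statement of what the warning was, a 64-to-32 conversion. A reader scanning the changelog for integer-width issues loses that cue, so consider keeping "64-to-32-conversion" in the entry.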
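Review bot: in the @@ -135,18 +131,18 @@ hunk, the rewritten HiddenServiceAuthorizeClient entry still has the word twice: "Fix the manpage's description of HiddenServiceAuthorizeClient description". Drop the trailing "description" so it reads "Fix the manpage's description of HiddenServiceAuthorizeClient: it should have given the maximum client name length as 16, not 19." The unchanged rend_server_descriptor_t entry in this section also records a code change ("make that field unsigned") under "Documentation", which may be worth moving while the section is being reordered.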