commit 38ee959ea9f7b9a213487e37433a000b7e0df54d
Author: Nick Mathewson nickm@torproject.org
Date: Wed Aug 31 01:02:38 2011 -0400

    First draft of an 0.2.3.3-alpha changelog
---
 ChangeLog | 135 +++++++++++++++++++++++++++++++++++++++++++++
 changes/bug1692 | 5 --
 changes/bug2930 | 5 --
 changes/bug3550 | 5 --
 changes/bug3607 | 15 -----
 changes/bug3615 | 3 -
 changes/bug3643 | 4 -
 changes/bug3700 | 6 --
 changes/bug3732 | 7 --
 changes/bug3747 | 6 --
 changes/bug3752 | 5 --
 changes/bug3803 | 4 -
 changes/bug3804 | 9 ---
 changes/bug3805 | 5 --
 changes/bug3814 | 4 -
 changes/fmt_addr | 4 -
 changes/geoip-august2011 | 3 -
 changes/le-win-threads | 3 -
 changes/microdescs_on | 5 --
 changes/msvc_lround | 4 -
 changes/nmake | 3 -
 changes/optimistic-client | 9 ---
 changes/prop171 | 22 -------
 changes/require-le-2.0.13 | 12 ----
 24 files changed, 135 insertions(+), 148 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 848f963..bbefe24 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,138 @@ +Changes in version 0.2.3.3-alpha - 2011-0?-?? + Tor 0.2.3.3-alpha adds a new major "stream isolation" feature to + improve Tor's security, and provides client-side support for several + the microdescriptor and optimistic data features introduced earlier in + the 0.2.3.x series. Also, it has numerous critical bugfixes in the + (optional) bufferevent-based networking backend. + + o Major features: + - You can now configure Tor so that streams from different + applications are isolated on different circuits, to prevent an + attacker who sees your streams leaving an exit node from linking + your sessions to one another. To do this, choose some way to + distinguish the applications: have them connect to different + SocksPorts, or have one of them use SOCKS4 while the other uses + SOCKS5, or have them pass different authentication strings to the + SOCKS proxy. Then, use the new SocksPort syntax to configure the + degree of isolation you need. This implements Proposal 171. + - The microdescriptor system is now on by default for clients. This + allows clients to download a much smaller amount of directory + information. To disable it, set "UseMicrodescriptors 0" in your + torrc file. + - Tor's firewall-helper feature, introduced in 0.2.3.1-alpha, now + supports Windows. + - When using an exit nodes running 0.2.3.x, clients can now + "optimistically" send data before the exit node reports that the + stream has opened. This saves a round trip when starting + connections where the client speaks first. This behavior is + controlled by a (currently disabled) consensus parameter. To turn + it on or off manually, use the "OptimisticData" torrc + option. Implements proposal 181; code by Ian Goldberg. + + o Major bugfixes (bufferevents): + - When using IOCP on windows, we need to enable Libevent windows + threading support. Bugfix on 0.2.3.1-alpha. 
+ - The IOCP backend now works even when the user has not specified + the (internal, debbuging-only) _UseFilteringSSLBufferevents option. + Fixes part of bug 3752; bugfix on 0.2.3.1-alpha. + - Correctly record the bytes we've read and written when using + bufferevents, so that we can include them in our bandwidth history + and advertised bandwidth. Fixes bug 3803; bugfix on 0.2.3.1-alpha. + - Apply rate-limiting only at the bottom of a chain of filtering + bufferevents. This prevents us from filling up internal read + buffers and violating rate-limits when filtering bufferevents + are enabled. Bugfix on 0.2.3.1-alpha; fixes part of bug 3804. + - Add high-watermarks to the output buffers for filtered + bufferevents. This prevents us from filling up internal write + buffers and wasting CPU cycles when filtering bufferevents are + enabled. Bugfix on 0.2.3.1-alpha; fixes part of bug 3804. + - Correctly notice when data has been written from a bufferevent + without flushing it completely. Bugfix on 0.2.3.1-alpha; fixes + bug 3805. + - Fix a bug where server-side tunneled bufferevent-based directory + streams would get closed prematurely. Fixes 3814, bugfix on + 0.2.3.1-alpha. + + o Major bugfixes (on 0.2.2.x and earlier): [stet] + - If we're configured to write our ControlPorts to disk, only write + them after switching UID and creating the data directory. This way, + we don't fail when starting up with a nonexistent DataDirectory + and a ControlPortWriteToFile setting based on that directory. Fixes + bug 3747; bugfix on Tor 0.2.2.26-beta. + + o Minor features: + - There's a new syntax for specifying multiple client ports (such as + SOCKSPort, TransPort, DNSPort, NATDPort): you can now just declare + multiple *Port entries with full addr:port syntax on each. + The old *ListenAddress format is still supported, but you can't + mix it with the new *Port syntax. 
+ - Added a new CONF_CHANGED event so that controllers can be notified + of any configuration changes made by other controllers, or by the + user. Implements #1692. + - Use evbuffer_copyout() in inspect_evbuffer(). This fixes a memory + leak when using bufferevents, and lets Libevent worry about how to + best copy data out of a buffer. + - Replace files in stats/ rather than appending to them. Now that we + include statistics in extra-info descriptors, it makes no sense to + keep old statistics forever. Implements #2930. + + o Minor features (build compatibility): + - Limited, experimental support for building with nmake and MSVC. + - Provide a substitute implementation of lround() for MSVC, which + apparently lacks it. Patch from Gisle Vanem. + + o Minor features: [stet] + - Update to the August 2 2011 Maxmind GeoLite Country database. + + o Minor bugfixes (on 0.2.3.x-alpha): + - Fix a spurious warning when parsing SOCKS requests with + bufferevents enabled. Fixes bug 3615; bugfix on 0.2.3.2-alpha. + - Get rid of a harmless warning that could happen on relays running + with bufferevents. The warning was caused by someone doing an http + request to a relay's orport. Also don't warn for a few related + non-errors. Fixes bug 3700; bugfix on 0.2.3.1-alpha. + + o Minor bugfixes (on 2.2.x and earlier): + - The "--quiet" and "--hush" options now apply not only to Tor's + behavior before logs are configured, but also to Tor's behavior in + the absense of configured logs. Fixes bug 3550; bugfix on + 0.2.0.10-alpha. + + o Minor bugfixes (on 2.2.x and earlier): [stet] + - Write several files in text mode, on OSes that distinguish text + mode from binary mode (namely, Windows). These files are: + 'buffer-stats', 'dirreq-stats', and 'entry-stats' on relays + that collect those statistics; 'client_keys' and 'hostname' for + hidden services that use authentication; and (in the tor-gencert + utility) newly generated identity and signing keys. 
Previously, + we wouldn't specify text mode or binary mode, leading to an + assertion failure. Fixes bug 3607. Bugfix on 0.2.1.1-alpha (when + the DirRecordUsageByCountry option which would have triggered + the assertion failure was added), although this assertion failure + would have occurred in tor-gencert on Windows in 0.2.0.1-alpha. + - Selectively disable deprecation warnings on OS X because Lion + started deprecating the shipped copy of openssl. Fixes bug 3643. + - Remove an extra pair of quotation marks around the error + message in control-port STATUS_GENERAL BUG events. Bugfix on + 0.1.2.6-alpha; fixes bug 3732. + - When unable to format an address as a string, report its value + as "???" rather than reusing the last formatted address. Bugfix + on 0.2.1.5-alpha. + + o Code simplifications and refactoring: + - Rewrote the listener-selection logic so that parsing which ports + we want to listen on is now separate form binding to the ports + we want. + + o Build changes: + - Building Tor with bufferevent support now requires Libevent + 2.0.13-stable or later. Previous versions of Libevent had bugs in + SSL-related bufferevents and related issues that would make Tor + work badly with bufferevents. Requiring 2.0.13-stable also allows + Tor with bufferevents to take advantage of Libevent APIs + introduced after 2.0.8-rc. + + Changes in version 0.2.2.32 - 2011-08-27 The Tor 0.2.2 release series is dedicated to the memory of Andreas Pfitzmann (1958-2010), a pioneer in anonymity and privacy research, diff --git a/changes/bug1692 b/changes/bug1692 deleted file mode 100644 index c2a71cc..0000000 --- a/changes/bug1692 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - CONF_CHANGED event is provided so that controllers can be notified - of any configuration changes made by other controllers/SETCONF/HUP. - Implements #1692. - diff --git a/changes/bug2930 b/changes/bug2930 deleted file mode 100644 index 8d28664..0000000 --- a/changes/bug2930 +++ /dev/null 
@@ -1,5 +0,0 @@ - o Minor features: - - Replace files in stats/ rather than appending to them. Now that we - include statistics in extra-info descriptors, it makes no sense to - keep old statistics forever. Implements #2930. - diff --git a/changes/bug3550 b/changes/bug3550 deleted file mode 100644 index 658179f..0000000 --- a/changes/bug3550 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - The "--quiet" and "--hush" options now apply not only to Tor's - behavior before user-configured logs are added, but also to - Tor's behavior in the absense of configured logs. Fixes bug - 3550; bugfix on 0.2.0.10-alpha. diff --git a/changes/bug3607 b/changes/bug3607 deleted file mode 100644 index 5ece219..0000000 --- a/changes/bug3607 +++ /dev/null @@ -1,15 +0,0 @@ - o Minor bugfixes: - - - Write several files in text mode, on OSes that distinguish text - mode from binary mode (namely, Windows). These files are: - buffer-stats, dirreq-stats, and entry-stats on relays that collect - those statistics; client_keys and hostname files for hidden - services that use authentication; and (in the tor-gencert utility) - newly generated identity and signing keys. Previously, we - wouldn't specify text mode or binary mode, leading to an assertion - failure. Fixes bug 3607. Bugfix on 0.2.1.1-alpha (when the - DirRecordUsageByCountry option which would have triggered the - assertion failure was added), although this assertion failure - would have occurred in tor-gencert on Windows in 0.2.0.1-alpha. - - diff --git a/changes/bug3615 b/changes/bug3615 deleted file mode 100644 index 704b3fa..0000000 --- a/changes/bug3615 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Fix a spurious warning when parsing SOCKS requests with - bufferevents enabled. Fixes bug 3615; bugfix on 0.2.3.2-alpha. diff --git a/changes/bug3643 b/changes/bug3643 deleted file mode 100644 index 86bd920..0000000 --- a/changes/bug3643 +++ /dev/null 
@@ -1,4 +0,0 @@ - o Minor bugfixes: - - Selectively disable deprecation warnings on OS X because Lion started - deprecating the shipped copy of openssl. Fixes bug 3643. - diff --git a/changes/bug3700 b/changes/bug3700 deleted file mode 100644 index cef7296..0000000 --- a/changes/bug3700 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Get rid of a harmless warning that could happen on relays running - with bufferevents. The warning was caused by someone doing an http - request to a relay's orport. Also don't warn for a few related - non-errors. Fixes bug 3700; bugfix on 0.2.3.1-alpha. - diff --git a/changes/bug3732 b/changes/bug3732 deleted file mode 100644 index 7a71d1a..0000000 --- a/changes/bug3732 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes: - - - Remove an extra pair of quotation marks around the error - message in control-port STATUS_GENERAL BUG events. Bugfix on - 0.1.2.6-alpha; fixes bug 3732. - - diff --git a/changes/bug3747 b/changes/bug3747 deleted file mode 100644 index 052dab1..0000000 --- a/changes/bug3747 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - Write control ports to disk only after switching UID and - creating the data directory. This way, we don't fail when - starting up with a nonexistant DataDirectory and a - ControlPortWriteToFile setting based on that directory. Fixes - bug 3747; bugfix on Tor 0.2.2.26-beta. \ No newline at end of file diff --git a/changes/bug3752 b/changes/bug3752 deleted file mode 100644 index 270f155..0000000 --- a/changes/bug3752 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - The IOCP backend now works even when the user has not specified - the (internal, debbuging-only) _UseFilteringSSLBufferevents option. - Fixes part of bug 3752; bugfix on 0.2.3.1-alpha. - diff --git a/changes/bug3803 b/changes/bug3803 deleted file mode 100644 index 2d50f0c..0000000 --- a/changes/bug3803 +++ /dev/null 
@@ -1,4 +0,0 @@ - o Major bugfixes (bufferevents): - - Correctly record the bytes we've read and written when using - bufferevents, so that we can include them in our bandwidth history - and advertised bandwidth. Fixes bug 3803; bugfix on 0.2.3.1-alpha. diff --git a/changes/bug3804 b/changes/bug3804 deleted file mode 100644 index 7ad091c..0000000 --- a/changes/bug3804 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (bufferevents): - - Apply rate-limiting only at the bottom of a chain of filtering - bufferevents. This prevents us from filling up internal read - buffers and violating rate-limits when filtering bufferevents - are enabled. Bugfix on 0.2.3.1-alpha; fixes part of bug 3804. - - Add high-watermarks to the output buffers for filtered - bufferevents. This prevents us from filling up internal write - buffers and wasting CPU cycles when filtering bufferevents are - enabled. Bugfix on 0.2.3.1-alpha; fixes part of bug 3804. diff --git a/changes/bug3805 b/changes/bug3805 deleted file mode 100644 index 9d12b81..0000000 --- a/changes/bug3805 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (bufferevents): - - Correctly notice when data has been written from a bufferevent - without flushing it completely. Bugfix on 0.2.3.1-alpha; fixes - bug 3805. - diff --git a/changes/bug3814 b/changes/bug3814 deleted file mode 100644 index 3db0e3e..0000000 --- a/changes/bug3814 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (bufferevents): - - Fix a bug where server-side tunneled bufferevent-based directory - streams would get closed prematurely. Fixes 3814, bugfix on - 0.2.3.1-alpha. diff --git a/changes/fmt_addr b/changes/fmt_addr deleted file mode 100644 index b88c9e1..0000000 --- a/changes/fmt_addr +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - When unable to format an address as a string, report its value - as "???" rather than reusing the last formatted address. Bugfix - on 0.2.1.5-alpha. 
diff --git a/changes/geoip-august2011 b/changes/geoip-august2011 deleted file mode 100644 index 6de8b0f..0000000 --- a/changes/geoip-august2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the August 2 2011 Maxmind GeoLite Country database. - diff --git a/changes/le-win-threads b/changes/le-win-threads deleted file mode 100644 index 5be44a2..0000000 --- a/changes/le-win-threads +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (IOCP): - - When using IOCP on windows, we need to enable Libevent windows threading - support. Bugfix on 0.2.3.1-alpha. diff --git a/changes/microdescs_on b/changes/microdescs_on deleted file mode 100644 index 8299c1d..0000000 --- a/changes/microdescs_on +++ /dev/null @@ -1,5 +0,0 @@ - o Major features: - - The microdescriptor system is now on by default for clients. This - allows clients to use Tor while downloading a much smaller amount - of directory information. To disable it, set "UseMicrodescriptors 0" - in your torrc file. diff --git a/changes/msvc_lround b/changes/msvc_lround deleted file mode 100644 index e4aea95..0000000 --- a/changes/msvc_lround +++ /dev/null @@ -1,4 +0,0 @@ - o Build fixes: - - Provide a substitute implementation of lround() for MSVC, which - apparently lacks it. Patch from Gisle Vanem. - diff --git a/changes/nmake b/changes/nmake deleted file mode 100644 index 47f4f8f..0000000 --- a/changes/nmake +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (build compatibility): - - Limited, experimental support for building with nmake and MSVC. - diff --git a/changes/optimistic-client b/changes/optimistic-client deleted file mode 100644 index 9a21a41..0000000 --- a/changes/optimistic-client +++ /dev/null 
@@ -1,9 +0,0 @@ - o Major features: - - When using an exit nodes running 0.2.3.1-alpha and later, - clients can now "optimistically" send data on a stream before - the exit node reports that the stream has opened. This can save - a round trip when starting connections with protocols where the - client speaks first. This behavior is controlled by a (currently - disabled) networkstatus consensus parameter. To turn it on or - off manually, use the "OptimisticData" torrc option. Implements - proposal 181; code by Ian Goldberg. diff --git a/changes/prop171 b/changes/prop171 deleted file mode 100644 index 91c463f..0000000 --- a/changes/prop171 +++ /dev/null @@ -1,22 +0,0 @@ - o Major features: - - You can now configure Tor so that streams from different - applications are isolated on different circuits, to prevent an - attacker who sees your streams leaving an exit node from linking - your sessions to one another. To do this, choose some way to - distinguish the applications -- have them connect to different - SocksPorts, or have one of them use SOCKS4 while the other uses - SOCKS5, or have them pass different authentication strings to - the SOCKS proxy. Then use the new SocksPort syntax to configure - the degree of isolation you need. This implements Proposal 171. - - o Minor features: - - There's a new syntax for specifying multiple client ports (such as - SOCKSPort, TransPort, DNSPort, NATDPort): you can now just declare - multiple ...Port entries with full addr:port syntax on each. - The old ...ListenAddress format is still supported, but you can't - mix it with the new SOCKSPort syntax. - - o Code simplifications and refactoring: - - Rewrote the listener-selection logic so that parsing which ports - we want to listen on is now separate form binding to the ports - we want. diff --git a/changes/require-le-2.0.13 b/changes/require-le-2.0.13 deleted file mode 100644 index 56e7b31..0000000 --- a/changes/require-le-2.0.13 +++ /dev/null 
@@ -1,12 +0,0 @@ - o Build changes: - - Building Tor with bufferevent support now requires Libevent - 2.0.13-stable or later. Previous versions of Libevent had bugs - in SSL-related bufferevents and related issues that would make - Tor work badly with bufferevents. Requiring 2.0.13-stable also - means that Tor with bufferevents can take advantage of Libevent - APIs introduced after 2.0.8-rc. - - o Minor bugfixes: - - Use evbuffer_copyout() in inspect_evbuffer(). This fixes a memory - leak, and lets Libevent worry about how to best copy data out - of a buffer.
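Review bot: In the ChangeLog hunk, the section headers need a cleanup pass before this leaves draft: "o Minor features:" and "o Minor bugfixes (on 2.2.x and earlier):" each appear twice with a leftover "[stet]" marker, and "2.2.x" should read "0.2.2.x" to match "o Major bugfixes (on 0.2.2.x and earlier)". Merge the duplicated sections and drop the markers. The same hunk carries wording slips copied from the fragments or introduced while merging: "support for several the microdescriptor and optimistic data features", "debbuging-only", "absense", and "separate form binding". The stream-isolation entry also says to "use the new SocksPort syntax" without saying where that syntax is documented; as this is the headline security feature, point readers to the manual page for the isolation options.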
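Review bot: The evbuffer_copyout() item deleted from changes/require-le-2.0.13 was filed under "o Minor bugfixes:" but lands under "o Minor features:" in the new ChangeLog, even though its text still says it "fixes a memory leak when using bufferevents". Move it into one of the bufferevents bugfix sections and give it a "bugfix on" version like the neighbouring entries, so users can tell which releases carry the leak.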
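Review bot: The optimistic-data entry loses precision on its way into the ChangeLog: the deleted changes/optimistic-client fragment says exits "running 0.2.3.1-alpha and later", while the ChangeLog text says "running 0.2.3.x". Keep the exact minimum version so operators can tell which exits support the feature, and fix "an exit nodes" in the same line. Because the behavior is gated by a "(currently disabled)" consensus parameter, the entry should also state what the "OptimisticData" option does when left unset.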
tor-commits@lists.torproject.org