commit 1b14f12086254109e246be66370a6cd73150d985 Author: Roger Dingledine arma@torproject.org Date: Mon May 16 21:56:13 2011 -0400

elevate some changelog entries --- ChangeLog | 80 +++++++++++++++++++++++++++++++----------------------------- 1 files changed, 41 insertions(+), 39 deletions(-)

diff --git a/ChangeLog b/ChangeLog index 972692b..cc688ad 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -Changes in version 0.2.2.26-beta - 2011-05-1? +Changes in version 0.2.2.26-alpha - 2011-05-17 o Security/privacy fixes: - Replace all potentially sensitive memory comparison operations with versions whose runtime does not depend on the data being @@ -12,6 +12,9 @@ Changes in version 0.2.2.26-beta - 2011-05-1? wanted them or not. This wouldn't have let an attacker impersonate a hidden service, but it did let directories pre-seed a client with descriptors that it didn't want. Bugfix on 0.0.6. + - On SIGHUP, do not clear out all TrackHostExits mappings, client + DNS cache entries, and virtual address mappings: that's what + NEWNYM is for. Fixes bug 1345; bugfix on 0.1.0.1-rc.

o Major features: - The options SocksPort, ControlPort, and so on now all accept a @@ -22,6 +25,10 @@ Changes in version 0.2.2.26-beta - 2011-05-1? group-readable. Now users can run two Tor clients on the same system without needing to manually mess with parameters. Resolves part of ticket 3076. + - Set SO_REUSEADDR on all sockets, not just listeners. This should + help busy exit nodes avoid running out of useable ports just + because all the ports have been used in the near past. Resolves + issue 2850.

o Minor features: - New "GETINFO net/listeners/(type)" controller command to return @@ -40,33 +47,18 @@ Changes in version 0.2.2.26-beta - 2011-05-1? directory holding the socket, however, seems to work everywhere. - Rate-limit a warning about failures to download v2 networkstatus documents. Resolves part of bug 1352. - - Backport code from 0.2.3.x to allow directory authorities to clean - their microdescriptor caches. Needed to resolve bug 2230. + - Backport code from 0.2.3.x that allows directory authorities to + clean their microdescriptor caches. Needed to resolve bug 2230. - When an HTTPS proxy reports "403 Forbidden", we now explain what it means rather than calling it an unexpected status code. Closes bug 2503. Patch from Michael Yakubovich. - Update to the May 1 2011 Maxmind GeoLite Country database. - - Set SO_REUSEADDR on all sockets, not just listeners. This should - help busy exit nodes avoid running out of useable ports just - because all the ports have been used in the near past. Resolves - issue 2850.

o Minor bugfixes: - - When loading the microdesc journal, remember its current size. - In 0.2.2, this helps prevent the microdesc journal from growing - without limit on authorities (who are the only ones to use it in - 0.2.2). Fixes a part of bug 2230; bugfix on 0.2.2.6-alpha. - Fix posted by "cypherpunks." - - The microdesc journal is supposed to get rebuilt only if it is - at least _half_ the length of the store, not _twice_ the length - of the store. Bugfix on 0.2.2.6-alpha; fixes part of bug 2230. - Authorities now clean their microdesc cache periodically and when reading from disk initially, not only when adding new descriptors. This prevents a bug where we could lose microdescriptors. Bugfix on 0.2.2.6-alpha. 2230 - - Fix a potential null-pointer dereference while computing a - consensus. Bugfix on tor-0.2.0.3-alpha, found with the help of - clang's analyzer. - Do not crash when our configuration file becomes unreadable, for example due to a permissions change, between when we start up and when a controller calls SAVECONF. Fixes bug 3135; bugfix @@ -75,18 +67,19 @@ Changes in version 0.2.2.26-beta - 2011-05-1? cache on Windows. (We would try to replace the file while still holding it open. That's fine on Unix, but Windows doesn't let us do that.) Bugfix on 0.2.2.6-alpha; bug found by wanoskarnet. - - Avoid a possible null-pointer dereference when rebuilding the mdesc - cache without actually having any descriptors to cache. Bugfix on - 0.2.2.6-alpha. Issue discovered using clang's static analyzer. - - If we fail to compute the identity digest of a v3 legacy keypair, - warn, and don't use a buffer-full of junk instead. Bugfix on - 0.2.1.1-alpha; fixes bug 3106. - Add missing explanations for the authority-related torrc options RephistTrackTime, BridgePassword, and V3AuthUseLegacyKey in the man page. Resolves issue 2379. - - On SIGHUP, do not clear out all TrackHostExits mappings, client - DNS cache entries, and virtual address mappings: that's what - NEWNYM is for. Fixes bug 1345; bugfix on 0.1.0.1-rc. + - As an authority, do not upload our own vote or signature set to + ourself. It would tell us nothing new, and as of 0.2.2.24-alpha, + it would get flagged as a duplicate. Resolves bug 3026. + - Accept hidden service descriptors if we think we are a hidden + service directory, regardless of what our consensus says. This + helps robustness, since clients and hidden services can sometimes + have a more up-to-date view of the network consensus than we do, + and if they think that the directory authorities list us a HSDir, + we might actually be one. Related to bug 2732; bugfix on + 0.2.0.10-alpha. - When a controller changes TrackHostExits, remove mappings for hosts that should no longer have their exits tracked. Bugfix on 0.1.0.1-rc. @@ -99,23 +92,32 @@ Changes in version 0.2.2.26-beta - 2011-05-1? - Do not reset the bridge descriptor download status every time we re-parse our configuration or get a configuration change. Fixes bug 3019; bugfix on 0.2.0.3-alpha. + + o Minor bugfixes (code cleanup): + - When loading the microdesc journal, remember its current size. + In 0.2.2, this helps prevent the microdesc journal from growing + without limit on authorities (who are the only ones to use it in + 0.2.2). Fixes a part of bug 2230; bugfix on 0.2.2.6-alpha. + Fix posted by "cypherpunks." + - The microdesc journal is supposed to get rebuilt only if it is + at least _half_ the length of the store, not _twice_ the length + of the store. Bugfix on 0.2.2.6-alpha; fixes part of bug 2230. + - Fix a potential null-pointer dereference while computing a + consensus. Bugfix on tor-0.2.0.3-alpha, found with the help of + clang's analyzer. + - Avoid a possible null-pointer dereference when rebuilding the mdesc + cache without actually having any descriptors to cache. Bugfix on + 0.2.2.6-alpha. Issue discovered using clang's static analyzer. + - If we fail to compute the identity digest of a v3 legacy keypair, + warn, and don't use a buffer-full of junk instead. Bugfix on + 0.2.1.1-alpha; fixes bug 3106. - Resolve an untriggerable issue in smartlist_string_num_isin(), where if the function had ever in the future been used to check for the presence of a too-large number, it would have given an incorrect result. (Fortunately, we only used it for 16-bit values.) Fixes bug 3175; bugfix on 0.1.0.1-rc. - - Require that introduction point keys and onion keys have public - exponent 65537. Bugfix on 0.2.0.10-alpha. - - As an authority, do not upload our own vote or signature set to - ourself. It would tell us nothing new, and as of 0.2.2.24-alpha, - it would get flagged as a duplicate. Resolves bug 3026. - - Accept hidden service descriptors if we think we are a hidden - service directory, regardless of what our consensus says. This - helps robustness, since clients and hidden services can sometimes - have a more up-to-date view of the network consensus than we do, - and if they think that the directory authorities list us a HSDir, - we might actually be one. Related to bug 2732; bugfix on - 0.2.0.10-alpha. + - Require that introduction point keys and onion handshake keys + have public exponent 65537. Bugfix on 0.2.0.10-alpha.

o Removed features: - Caches no longer download and serve v2 networkstatus documents