[or-cvs] r9275: i like this 0.1.2.5-alpha changelog better (tor/trunk)
arma at seul.org
arma at seul.org
Sat Jan 6 05:15:05 UTC 2007
Author: arma
Date: 2007-01-06 00:14:57 -0500 (Sat, 06 Jan 2007)
New Revision: 9275
Modified:
tor/trunk/ChangeLog
Log:
i like this 0.1.2.5-alpha changelog better
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2007-01-06 04:48:34 UTC (rev 9274)
+++ tor/trunk/ChangeLog 2007-01-06 05:14:57 UTC (rev 9275)
@@ -1,26 +1,24 @@
-Changes in version 0.1.2.5-alpha - 2007-01-03
+Changes in version 0.1.2.5-alpha - 2007-01-06
o Major features:
- - Enable "BEGIN_DIR" cells: prefer to connect to the directory
- server via TLS so we do encrypted directory requests rather than
- plaintext. On by default; disable via the TunnelDirConns config
- option if you like.
- Enable write limiting as well as read limiting. Now we sacrifice
capacity if we're pushing out lots of directory traffic, rather
than overrunning the user's intended bandwidth limits.
- - Authorities now include server versions in networkstatus. This adds
- about 2% to the side of compressed networkstatus docs, and allows
- clients to tell which servers support BEGIN_DIR and which don't.
- The implementation is forward-compatible with a proposed future
- protocol version scheme not tied to Tor versions.
- - Support running the Tor service with a torrc not in the
- same directory as tor.exe (Bug #356) and default to using the torrc
- located in the %appdata%\Tor\ of the user who installed the service.
- Patch from Matt Edman.
- Include TLS overhead when counting bandwidth usage; previously, we
would count only the bytes sent over TLS, but not the bytes used
to send them.
+ - Support running the Tor service with a torrc not in the same
+ directory as tor.exe and default to using the torrc located in
+ the %appdata%\Tor\ of the user who installed the service. Patch
+ from Matt Edman.
+ - Servers now check for the case when common DNS requests are going to
+ wildcarded addresses (i.e. all getting the same answer), and change
+ their exit policy to reject *:* if it's happening.
+ - Implement BEGIN_DIR cells, so we can connect to the directory
+ server via TLS to do encrypted directory requests rather than
+ plaintext. Enable via the TunnelDirConns and PreferTunneledDirConns
+ config options if you like.
- o Minor features:
+ o Minor features (config and docs):
- Start using the state file to store bandwidth accounting data:
the bw_accounting file is now obsolete. We'll keep generating it
for a while for people who are still using 0.1.2.4-alpha.
@@ -28,37 +26,44 @@
disk writes as possible while still storing important things in
a timely fashion.
- The state file and the bw_accounting file get saved less often when
- AvoidDiskWrites is set.
- - Ongoing work on eventdns infrastructure: add dns server and ipv6
- support.
+ the AvoidDiskWrites config option is set.
- Make PIDFile work on Windows (untested).
- Add internal descriptions for a bunch of configuration options:
accessible via controller interface and in comments in saved
options files.
- - Reject *:563 (NTTPS) in the default exit policy. We already reject
+ - Reject *:563 (NNTPS) in the default exit policy. We already reject
NNTP by default, so this seems like a sensible addition.
- - Avoid some inadvertent info leaks by making clients reject hostnames
- with invalid characters. Add an option "AllowNonRFC953Hostnames"
- to disable this behavior, in case somebody is running a private
- network with hosts called @, !, and #.
+ - Clients now reject hostnames with invalid characters. This should
+ avoid some inadvertent info leaks. Add an option
+ AllowNonRFC953Hostnames to disable this behavior, in case somebody
+ is running a private network with hosts called @, !, and #.
+ - Add a maintainer script to tell us which options are missing
+ documentation: "make check-docs".
- Add a new address-spec.txt document to describe our special-case
addresses: .exit, .onion, and .noconnnect.
- - Add a maintainer script to tell us which options are missing
- documentation: "make check-docs".
- - Remove some options that have been deprecated since at least
- 0.1.0.x: AccountingMaxKB, LogFile, DebugLogFile, LogLevel, and
- SysLog. Use AccountingMax instead of AccountingMaxKB, and use Log
- to set log options.
- - We no longer look for identity and onion keys in "identity.key" and
- "onion.key" -- these were replaced by secret_id_key and
- secret_onion_key in 0.0.8pre1.
- - We no longer require unrecognized directory entries to be
- preceded by "opt".
- - DirServer configuration lines now have an orport option so
+
+ o Minor features (DNS):
+ - Ongoing work on eventdns infrastructure: now it has dns server
+ and ipv6 support. One day Tor will make use of it.
+ - Add client-side caching for reverse DNS lookups.
+ - Add support to tor-resolve tool for reverse lookups and SOCKS5.
+ - When we change nameservers or IP addresses, reset and re-launch
+ our tests for DNS hijacking.
+
+ o Minor features (directory):
+ - Authorities now specify server versions in networkstatus. This adds
+ about 2% to the side of compressed networkstatus docs, and allows
+ clients to tell which servers support BEGIN_DIR and which don't.
+ The implementation is forward-compatible with a proposed future
+ protocol version scheme not tied to Tor versions.
+ - DirServer configuration lines now have an orport= option so
clients can open encrypted tunnels to the authorities without
having downloaded their descriptors yet. Enabled for moria1,
moria2, tor26, and lefkada now in the default configuration.
- - Clients track responses with status 503 from dirservers. After a
+ - Directory servers are more willing to send a 503 "busy" if they
+ are near their write limit, especially for v1 directory requests.
+ Now they can use their limited bandwidth for actual Tor traffic.
+ - Clients track responses with status 503 from dirservers. After a
dirserver has given us a 503, we try not to use it until an hour has
gone by, or until we have no dirservers that haven't given us a 503.
- When we get a 503 from a directory, and we're not a server, we don't
@@ -68,19 +73,31 @@
connections; don't report X-Your-Address-Is when it's an internal
address; and never believe reported remote addresses when they're
internal.
- - Add client-side caching for reverse DNS lookups.
- - Add support to tor-resolve for reverse lookups and SOCKS5.
- - We now check for the case when common DNS requests are going to
- wildcarded addresses, and change our exit policy to reject *:*
- if it's happening. (Bug #364)
- - When we change nameservers or IP addresses, reset and re-launch
- our tests for DNS hijacking.
- - Block an obscure DoS attack from directory caches.
+ - Protect against an unlikely DoS attack on directory servers.
- Add a BadDirectory flag to network status docs so that authorities
can (eventually) tell clients about caches they believe to be
broken.
- o Security bugfixes:
+ o Minor features (controller):
+ - Have GETINFO dir/status/* work on hosts with DirPort disabled.
+ - Reimplement GETINFO so that info/names stays in sync with the
+ actual keys.
+ - Implement "GETINFO fingerprint".
+ - Implement "SETEVENTS GUARD" so controllers can get updates on
+ entry guard status as it changes.
+
+ o Minor features (clean up obsolete pieces):
+ - Remove some options that have been deprecated since at least
+ 0.1.0.x: AccountingMaxKB, LogFile, DebugLogFile, LogLevel, and
+ SysLog. Use AccountingMax instead of AccountingMaxKB, and use Log
+ to set log options.
+ - We no longer look for identity and onion keys in "identity.key" and
+ "onion.key" -- these were replaced by secret_id_key and
+ secret_onion_key in 0.0.8pre1.
+ - We no longer require unrecognized directory entries to be
+ preceded by "opt".
+
+ o Major bugfixes (security):
- Stop sending the HttpProxyAuthenticator string to directory
servers when directory connections are tunnelled through Tor.
- Clients no longer store bandwidth history in the state file.
@@ -92,32 +109,33 @@
keys, so that we will rotate keys once they're a week old even if
we never stay up for a week ourselves.
- o Major bugfixes:
+ o Major bugfixes (other):
- Fix a longstanding bug in eventdns that prevented the count of
timed-out resolves from ever being reset. This bug caused us to
give up on a nameserver the third time it timed out, and try it
10 seconds later... and to give up on it every time it timed out
- after that. (May fix bug 326.)
+ after that.
- Take out the '5 second' timeout from the connection retry
schedule. Now the first connect attempt will wait a full 10
seconds before switching to a new circuit. Perhaps this will help
a lot. Based on observations from Mike Perry.
- Fix a bug on the Windows implementation of tor_mmap_file() that
- would prevent the cached-routers file from ever loading (reported
- by John Kimble).
+ would prevent the cached-routers file from ever loading. Reported
+ by John Kimble.
o Minor bugfixes:
- - Fix a bug when a BSD-style PF socket is first used. (Patch from
- Fabian Keil.)
- Fix an assert failure when a directory authority sets
AuthDirRejectUnlisted and then receives a descriptor from an
- unlisted router (reported by seeess).
+ unlisted router. Reported by seeess.
+ - Avoid a double-free when parsing malformed DirServer lines.
+ - Fix a bug when a BSD-style PF socket is first used. Patch from
+ Fabian Keil.
- Fix a bug in 0.1.2.2-alpha that prevented clients from asking
to resolve an address at a given exit node even when they ask for
it by name.
- - Routers no longer ever list themselves in their "family" line,
- even if configured to do so. This makes it easier to configure
- family lists efficiently.
+ - Servers no longer ever list themselves in their "family" line,
+ even if configured to do so. This makes it easier to configure
+ family lists conveniently.
- When running as a server, don't fall back to 127.0.0.1 when no
nameservers are configured in /etc/resolv.conf; instead, make the
user fix resolv.conf or specify nameservers explicitly. (Resolves
@@ -125,34 +143,20 @@
- Stop accepting certain malformed ports in configured exit policies.
- Don't re-write the fingerprint file every restart, unless it has
changed.
- - Cleaned-up code and documentation in NT services. Patch from Matt
- Edman.
- - Removed the supposedly misleading error message mentioned in
- Bug #294. Patch from Matt Edman.
- Stop warning when a single nameserver fails: only warn when _all_ of
- our nameservers have failed. (Bug #326.)
- - When we only have one nameserver, raise the threshold for deciding
- that the nameserver is dead. (Also bug #326)
+ our nameservers have failed. Also, when we only have one nameserver,
+ raise the threshold for deciding that the nameserver is dead.
- Directory authorities now only decide that routers are reachable
if their identity keys are as expected.
- When the user uses bad syntax in the Log config line, stop
suggesting other bad syntax as a replacement.
- - Avoid a double-free when parsing malformed DirServer lines.
- Correctly detect ipv6 DNS capability on OpenBSD.
- o Controller features:
- - Have GETINFO dir/status/* work on hosts with DirPort disabled.
- - Reimplement GETINFO so that info/names stays in sync with the
- actual keys.
- - Implement "GETINFO fingerprint".
- - Implement "SETEVENTS GUARD" so controllers can get updates on
- entry guard status as it changes.
-
- o Controller bugfixes:
- - Report the circuit number correctly in STREAM CLOSED events. (Bug
- reported by Mike Perry.)
+ o Minor bugfixes (controller):
+ - Report the circuit number correctly in STREAM CLOSED events. Bug
+ reported by Mike Perry.
- Do not report bizarre values for results of accounting GETINFOs
- when the last second's write or read exceeds the alloted bandwidth.
+ when the last second's write or read exceeds the allotted bandwidth.
- Report "unrecognized key" rather than an empty string when the
controller tries to fetch a networkstatus that doesn't exist.
More information about the tor-commits
mailing list