[tor-commits] [tor/release-0.2.2] Fold in and clean up remaining changes files
nickm at torproject.org
nickm at torproject.org
Mon May 16 22:16:19 UTC 2011
commit 9525de51a64c59f277e29876e82043748c9861fe
Author: Nick Mathewson <nickm at torproject.org>
Date: Mon May 16 18:17:10 2011 -0400
Fold in and clean up remaining changes files
---
ChangeLog | 60 +++++++++++++++++++++++++++-
changes/bug1345 | 13 ------
changes/bug2732-simple | 7 ---
changes/bug2792_checkdir | 8 ----
changes/bug2850 | 5 --
changes/bug2972 | 5 --
changes/bug3019 | 4 --
changes/bug3026 | 4 --
changes/bug3175 | 7 ---
changes/check-fetched-rend-desc-service-id | 7 ---
changes/check-public-key-exponents | 5 --
11 files changed, 59 insertions(+), 66 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 8ea0008..764c5cc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,4 @@
-Changes in version 0.2.2.26-alpha - 2011-05-??
+Changes in version 0.2.2.26-beta - 2011-05-1?
o Security fixes:
- Replace all potentially sensitive memory comparison operations
with versions whose runtime does not depend on the data being
@@ -6,6 +6,12 @@ Changes in version 0.2.2.26-alpha - 2011-05-??
adversary can use variations in timing information to learn
sensitive data. Fix for one case of bug 3122. (Safe memcmp
implementation by Robert Ransom based partially on code by DJB.)
+ - When receiving a hidden service descriptor, check that it is for
+ the hidden service we wanted. Previously, Tor would store any
+ hidden service descriptors that a directory gave it, whether it
+ wanted them or not. This wouldn't have let an attacker impersonate
+ a hidden service, but it did let directories pre-seed a client
+ with a descriptors that it didn't want. Bugfix on 0.0.6.
o Major features:
- The options SocksPort, ControlPort, and so on now all accept a
@@ -23,6 +29,15 @@ Changes in version 0.2.2.26-alpha - 2011-05-??
given connection type. This is useful when the user has configured
"SocksPort auto" and the controller needs to know which port got
chosen. Resolves another part of ticket 3076.
+ - Add a new ControlSocketsGroupWritable configuration option: when
+ it is turned on, ControlSockets are group-writeable by the default
+ group of the current user. Patch by Jérémy Bobbio; implements
+ ticket 2972.
+ - Tor now refuses to create a ControlSocket in a directory that is
+ world-readable (or group-readable if ControlSocketsGroupWritable
+ is 0). This is necessary because some operating systems do not
+ enforce permissions on an AF_UNIX sockets. Permissions on the
+ directory holding the socket, however, seems to work everywhere.
- Rate-limit a warning about failures to download v2 networkstatus
documents. Resolves part of bug 1352.
- Backport code from 0.2.3.x to allow directory authorities to clean
@@ -31,6 +46,10 @@ Changes in version 0.2.2.26-alpha - 2011-05-??
what it means rather than calling it an unexpected status code.
Closes bug 2503. Patch from Michael Yakubovich.
- Update to the May 1 2011 Maxmind GeoLite Country database.
+ - Set SO_REUSEADDR on all sockets, not just listeners. This should
+ help busy exit nodes avoid running out of useable ports just
+ because all the ports have been used in the near past. Resolves
+ issue 2850.
o Minor bugfixes:
- When loading the microdesc journal, remember its current size.
@@ -65,6 +84,45 @@ Changes in version 0.2.2.26-alpha - 2011-05-??
- Add missing explanations for the authority-related torrc options
RephistTrackTime, BridgePassword, and V3AuthUseLegacyKey in the
man page. Resolves issue 2379.
+ - On SIGHUP, do not clear out all TrackHostExits mappings, client
+ DNS cache entries, and virtual address mappings: that's what
+ NEWNYM is for. Fixes bug 1345; bugfix on 0.1.0.1-rc.
+ - When a controller changes TrackHostExits, remove mappings for
+ hosts that should no longer have their exits tracked. Bugfix on
+ 0.1.0.1-rc.
+ - When a controller changes VirtualAddrNetwork, remove any mappings
+ for hosts that were automapped to the old network. Bugfix on
+ 0.1.1.19-rc.
+ - When a controller changes one of the AutomapHosts* options, remove
+ any mappings for hosts that should no longer be automapped. Bugfix
+ on 0.2.0.1-alpha.
+ - Accept hidden service descriptors if we think we are a hidden
+ service directory, regardless of what our consensus says. This
+ helps robustness, since clients and hidden services can sometimes
+ have a more up-to-date view of the network consensus than we do,
+ and if they think that the directory authorities list us a HSDir,
+ we might actually be one. Related to bug 2732; bugfix on
+ 0.2.0.10-alpha.
+ - Do not reset the bridge descriptor download status every time we
+ re-parse our configuration or get a configuration change. Fixes
+ bug 3019; bugfix on 0.2.0.3-alpha.
+ - Resolve an untriggerable issue in smartlist_string_num_isin(),
+ where if the function had ever in the future been used to check
+ for the presence of a too-large number, it would have given an
+ incorrect result. (Fortunately, we only used it for 16-bit
+ values.) Fixes bug 3175; bugfix on 0.1.0.1-rc.
+ - Require that introduction point keys and onion keys have public
+ exponent 65537. Bugfix on 0.2.0.10-alpha.
+ - As an authority, do not upload our own vote or signature set to
+ ourself. It would tell us nothing new, and as of 0.2.2.24-alpha,
+ it would get flagged as a duplicate. Resolves bug 3026.
+ - Accept hidden service descriptors if we think we are a hidden
+ service directory, regardless of what our consensus says. This
+ helps robustness, since clients and hidden services can sometimes
+ have a more up-to-date view of the network consensus than we do,
+ and if they think that the directory authorities list us a HSDir,
+ we might actually be one. Related to bug 2732; bugfix on
+ 0.2.0.10-alpha.
o Removed features:
- Caches no longer download and serve v2 networkstatus documents
diff --git a/changes/bug1345 b/changes/bug1345
deleted file mode 100644
index 0c9375a..0000000
--- a/changes/bug1345
+++ /dev/null
@@ -1,13 +0,0 @@
- o Minor bugfixes:
- - On SIGHUP, do not clear out all TrackHostExits mappings, client DNS
- cache entries, and virtual address mappings: that's what NEWNYM is
- for. Bugfix on Tor 0.1.0.1-rc; fixes bug 1345.
- - When TrackHostExits is changed from a controller, remove any
- mappings for hosts that should no longer have their exits tracked.
- Bugfix on Tor 0.1.0.1-rc.
- - When VirtualAddrNetwork option is changed from a controller,
- remove any mappings for hosts that were automapped to
- that network. Bugfix on 0.1.1.19-rc.
- - When one of the AutomapHosts* options is changed from a
- controller, remove any mappings for hosts that should no longer be
- automapped. Bugfix on 0.2.0.1-alpha.
diff --git a/changes/bug2732-simple b/changes/bug2732-simple
deleted file mode 100644
index 3678361..0000000
--- a/changes/bug2732-simple
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes
- - Do not reject hidden service descriptors simply because we don't
- think we have not been assigned the HSDir flag. Clients and
- hidden services can have a more up-to-date view of the network
- consensus, and if they think that the directory authorities
- list us a HSDir, we might actually be one. Related to bug 2732;
- bugfix on 0.2.0.10-alpha.
diff --git a/changes/bug2792_checkdir b/changes/bug2792_checkdir
deleted file mode 100644
index 10de1de..0000000
--- a/changes/bug2792_checkdir
+++ /dev/null
@@ -1,8 +0,0 @@
- o Minor features:
- - Tor now refuses to create a ControlSocket in a directory that is
- world-readable (or group-readable if ControlSocketsGroupWritable
- is 0). This is necessary because some operating systems do not
- check the permissions on an AF_UNIX socket when programs try to
- connect to it. Checking permissions on the directory holding
- the socket, however, seems to work everywhere.
-
diff --git a/changes/bug2850 b/changes/bug2850
deleted file mode 100644
index 77ccbfa..0000000
--- a/changes/bug2850
+++ /dev/null
@@ -1,5 +0,0 @@
- - Minor features
- o Set SO_REUSEADDR on all sockets, not just listeners. This should
- help busy exit nodes avoid running out of useable ports just because
- all the ports have been used in the near past. Resolves issue 2850.
-
diff --git a/changes/bug2972 b/changes/bug2972
deleted file mode 100644
index 26afcca..0000000
--- a/changes/bug2972
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features:
- - Allow ControlSockets to be group-writable when the
- ControlSocksGroupWritable configuration option is turned on. Patch
- by Jérémy Bobbio; implements ticket 2972.
-
diff --git a/changes/bug3019 b/changes/bug3019
deleted file mode 100644
index 4df709f..0000000
--- a/changes/bug3019
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Do not reset the bridge descriptor download status every time we
- re-parse our configuration or get a configuration change. Fixes
- bug 3019; bugfix on Tor 0.2.0.3-alpha.
diff --git a/changes/bug3026 b/changes/bug3026
deleted file mode 100644
index c0c0a38..0000000
--- a/changes/bug3026
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (directory authority)
- - Do not upload our own vote or signature set to ourself. It would
- tell us nothing new. Also, as of Tor 0.2.2.24-alpha, we started
- to warn about receiving duplicate votes. Resolves bug 3026.
diff --git a/changes/bug3175 b/changes/bug3175
deleted file mode 100644
index 3360fbc..0000000
--- a/changes/bug3175
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes:
- - Resolve an untriggerable issue in smartlist_string_num_isin(),
- where if the function had ever in the future been used to check
- for the presence of a too-large number, it would have given an
- incorrect result. (Fortunately, we only used it for 16-bit
- values.) Fixes bug 3175; bugfix on Tor 0.1.0.1-rc.
-
diff --git a/changes/check-fetched-rend-desc-service-id b/changes/check-fetched-rend-desc-service-id
deleted file mode 100644
index 2f37c30..0000000
--- a/changes/check-fetched-rend-desc-service-id
+++ /dev/null
@@ -1,7 +0,0 @@
- o Security fixes:
- - When fetching a hidden service descriptor, check that it is for
- the hidden service we were trying to connect to, in order to
- stop a directory from pre-seeding a client with a descriptor for
- a hidden service that they didn't want. Bugfix on 0.0.6.
-
-
diff --git a/changes/check-public-key-exponents b/changes/check-public-key-exponents
deleted file mode 100644
index a8d0067..0000000
--- a/changes/check-public-key-exponents
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Require that introduction point keys and onion keys have public
- exponent 65537. Bugfix on 0.2.0.10-alpha.
-
-
More information about the tor-commits
mailing list