[tor-commits] [tor/master] forward-port the 0.2.4.18-rc changelog

arma at torproject.org arma at torproject.org
Sun Nov 17 04:03:02 UTC 2013


commit dfc1b62fc5975a4ab36768c3d16ed0df6a749393
Author: Roger Dingledine <arma at torproject.org>
Date:   Sat Nov 16 23:02:26 2013 -0500

    forward-port the 0.2.4.18-rc changelog
---
 ChangeLog |   93 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index afa70f8..3bb89d2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,96 @@
+Changes in version 0.2.4.18-rc - 2013-11-16
+  Tor 0.2.4.18-rc is the fourth release candidate for the Tor 0.2.4.x
+  series. It takes a variety of fixes from the 0.2.5.x branch to improve
+  stability, performance, and better handling of edge cases.
+
+  o Major features:
+    - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
+      Resolves ticket 6055. (OpenSSL before 1.0.1 didn't have TLS 1.1 or
+      1.2, and OpenSSL from 1.0.1 through 1.0.1d had bugs that prevented
+      renegotiation from working with TLS 1.1 or 1.2, so we had disabled
+      them to solve bug 6033.)
+
+  o Major bugfixes:
+    - No longer stop reading or writing on cpuworker connections when
+      our rate limiting buckets go empty. Now we should handle circuit
+      handshake requests more promptly. Resolves bug 9731.
+    - If we are unable to save a microdescriptor to the journal, do not
+      drop it from memory and then reattempt downloading it. Fixes bug
+      9645; bugfix on 0.2.2.6-alpha.
+    - Stop trying to bootstrap all our directory information from
+      only our first guard. Discovered while fixing bug 9946; bugfix
+      on 0.2.4.8-alpha.
+    - The new channel code sometimes lost track of in-progress circuits,
+      causing long-running clients to stop building new circuits. The
+      fix is to always call circuit_n_chan_done(chan, 0) from
+      channel_closed(). Fixes bug 9776; bugfix on 0.2.4.17-rc.
+
+  o Minor bugfixes (on 0.2.4.x):
+    - Correctly log long IPv6 exit policies, instead of truncating them
+      or reporting an error. Fixes bug 9596; bugfix on 0.2.4.7-alpha.
+    - Our default TLS ecdhe groups were backwards: we meant to be using
+      P224 for relays (for performance win) and P256 for bridges (since
+      it is more common in the wild). Instead we had it backwards. After
+      reconsideration, we decided that the default should be P256 on all
+      hosts, since its security is probably better, and since P224 is
+      reportedly used quite little in the wild.  Found by "skruffy" on
+      IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha.
+    - Free directory authority certificate download statuses on exit
+      rather than leaking them. Fixes bug 9644; bugfix on 0.2.4.13-alpha.
+
+  o Minor bugfixes (on 0.2.3.x and earlier):
+    - If the guard we choose first doesn't answer, we would try the
+      second guard, but once we connected to the second guard we would
+      abandon it and retry the first one, slowing down bootstrapping.
+      The fix is to treat all our initially chosen guards as acceptable
+      to use. Fixes bug 9946; bugfix on 0.1.1.11-alpha.
+    - Fix an assertion failure that would occur when disabling the
+      ORPort setting on a running Tor process while accounting was
+      enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha.
+    - When examining the list of network interfaces to find our address,
+      do not consider non-running or disabled network interfaces. Fixes
+      bug 9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister".
+    - Avoid an off-by-one error when checking buffer boundaries when
+      formatting the exit status of a pluggable transport helper.
+      This is probably not an exploitable bug, but better safe than
+      sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by
+      Pedro Ribeiro.
+
+  o Minor features (protecting client timestamps):
+    - Clients no longer send timestamps in their NETINFO cells. These were
+      not used for anything, and they provided one small way for clients
+      to be distinguished from each other as they moved from network to
+      network or behind NAT. Implements part of proposal 222.
+    - Clients now round timestamps in INTRODUCE cells down to the nearest
+      10 minutes. If a new Support022HiddenServices option is set to 0, or
+      if it's set to "auto" and the feature is disabled in the consensus,
+      the timestamp is sent as 0 instead. Implements part of proposal 222.
+    - Stop sending timestamps in AUTHENTICATE cells. This is not such
+      a big deal from a security point of view, but it achieves no actual
+      good purpose, and isn't needed. Implements part of proposal 222.
+    - Reduce down accuracy of timestamps in hidden service descriptors.
+      Implements part of proposal 222.
+
+  o Minor features (other):
+    - Improve the circuit queue out-of-memory handler. Previously, when
+      we ran low on memory, we'd close whichever circuits had the most
+      queued cells. Now, we close those that have the *oldest* queued
+      cells, on the theory that those are most responsible for us
+      running low on memory. Based on analysis from a forthcoming paper
+      by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093.
+    - Generate bootstrapping status update events correctly when fetching
+      microdescriptors. Fixes bug 9927.
+    - Update to the October 2 2013 Maxmind GeoLite Country database.
+
+  o Documentation fixes:
+    - Clarify the usage and risks of setting the ContactInfo torrc line
+      for your relay or bridge. Resolves ticket 9854.
+    - Add anchors to the manpage so we can link to the html version of
+      the documentation for specific options. Resolves ticket 9866.
+    - Replace remaining references to DirServer in man page and
+      log entries. Resolves ticket 10124.
+
+
 Changes in version 0.2.5.1-alpha - 2013-10-02
   Tor 0.2.5.1-alpha introduces experimental support for syscall sandboxing
   on Linux, allows bridges that offer pluggable transports to report usage
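
Review bot: Under "Minor features (other)", the entry "Generate bootstrapping status update events correctly when fetching microdescriptors. Fixes bug 9927." reads as a bugfix and, unlike the entries in the bugfix sections, gives no "bugfix on" version. Consider moving it to a minor bugfixes section and naming the version that introduced the bug. The same applies to "Fixes bug 9093" on the out-of-memory handler entry if that is tracked as a bug rather than a feature. Two wording points: the intro sentence "to improve stability, performance, and better handling of edge cases" is not parallel, and "Reduce down accuracy of timestamps" could read "Reduce the accuracy of timestamps". The INTRODUCE-cell entry also introduces Support022HiddenServices without stating its default, which readers need in order to know whether the 10-minute rounding or the zero timestamp applies out of the box.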


