[tor-commits] [tor/master] Merge more changes files (verbatim) into the changelog

nickm at torproject.org nickm at torproject.org
Thu Apr 17 04:13:23 UTC 2014


commit ab83a27450fc3afb57874ca202dcee570607a1ff
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Apr 17 00:13:11 2014 -0400

    Merge more changes files (verbatim) into the changelog
---
 ChangeLog                   |   87 ++++++++++++++++++++++++++++++++++++++++++-
 changes/10267_tproxy        |    4 --
 changes/10896               |    8 ----
 changes/11507               |    7 ----
 changes/bug10431            |    5 ---
 changes/bug11304            |    5 ---
 changes/bug11306            |    4 --
 changes/bug11464_023        |    5 ---
 changes/bug11465            |    9 -----
 changes/bug11477            |    4 --
 changes/bug11513            |   12 ------
 changes/bug11519            |    3 --
 changes/bug5286             |    4 --
 changes/ff28_ciphers        |    6 ---
 changes/sandbox_fixes_11351 |   13 -------
 15 files changed, 86 insertions(+), 90 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8f2244e..790d1d4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 Changes in version 0.2.5.4-alpha - 2014-04-??
 
+  o Major features (security):
+    - Block authority signing keys that were used on an authorities
+      vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160).
+      (We don't have any evidence that these keys _were_ compromised;
+      we're doing this to be prudent.) Resolves ticket 11464.
+
   o Deprecated versions:
     - Tor 0.2.2.x has reached end-of-life; it has received no patches or
       attention for some while. Directory authorities no longer accept
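Review bot: In the new "Major features (security)" entry, "used on an authorities vulnerable to" is ungrammatical and leaves it unclear whether one authority or several were affected; suggest "used on authorities that were vulnerable to". "openssl" should be written "OpenSSL", as the sandbox entry later in this file does. The entry would also be more useful to operators if it said where the blocked keys are listed.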
@@ -12,6 +18,32 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
       the circuits. These functions previously accounted between 3 and
       7% of CPU usage on some busy relays.
 
+  o Major features (seccomp2 sandbox):
+    - Refinements and improvements to the Linux seccomp2 sandbox code:
+      the sandbox can now run a test network for multiple hours without
+      crashing. (Previous crash reasons included: reseeding the OpenSSL PRNG,
+      seeding the Libevent PRNG, using the wrong combination of CLOEXEC and
+      NONBLOCK at the same place and time, having server keys, being an
+      authority, receiving a HUP, or using IPv6.) The sandbox is still
+      experimental, and more bugs will probably turn up. To try it,
+      enable "Sandbox 1" on a Linux host.
+    - Strengthen the Linux seccomp2 sandbox code: the sandbox can now
+      test the arguments for rename(), and blocks _sysctl() entirely.
+    - When the Linux syscall sandbox finds an illegal system call, it
+      now tries to log a stack trace before exiting. Resolves ticket
+      11465.
+
+  o Major bugfixes (TLS cipher selection):
+    - Generate the server's preference list for ciphersuites
+      automatically based on uniform criteria, and considering all
+      OpenSSL ciphersuites with acceptable strength and forward
+      secrecy. (The sort order is: prefer AES to 3DES; break ties by
+      preferring ECDHE to DHE; break ties by preferring GCM to CBC;
+      break ties by preferring SHA384 to SHA256 to SHA1; and finally,
+      break ties by preferring AES256 to AES128.) This resolves bugs
+      #11513, #11492, #11498, #11499. Bugs reported by 'cypherpunks'.
+      Bugfix on 0.2.4.8-alpha.
+
   o Major bugfixes (undefined behavior):
     - Fix two instances of possible undefined behavior in channeltls.c
       that could, under unlucky circumstances, have led to a pointer
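Review bot: The first two items under "Major features (seccomp2 sandbox)" carry no ticket reference, while the third cites ticket 11465. They come from a changes file named sandbox_fixes_11351, so if 11351 is the ticket, cite it here. In the TLS cipher selection entry, the "#11513, #11492, #11498, #11499" form differs from the bare "ticket 11465" form used a few lines above; one style throughout would make the changelog easier to search.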
@@ -31,6 +63,26 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
     - Log only one message when we start logging in an unsafe
       way. Previously, we would log as many messages as we had
       problems. Fix for #9870; bugfix on 0.2.5.1-alpha.
+    - Using the Linux syscall sandbox no longer prevents stack-trace
+      logging on crashes or errors. Fixes part 11465; bugfix on
+      0.2.5.1-alpha.
+    - Only report the first fatal boostrap error on a given OR
+      connection.  This prevents controllers from declaring that a
+      connection has failed because of "DONE" or other junk reasons.
+      Fixes bug 10431; bugfix on 0.2.1.1-alpha.
+
+  o Minor bugfixes (closing channels):
+    - If write_to_buf() in connection_write_to_buf_impl_() ever fails,
+      check if it's an or_connection_t and correctly call
+      connection_or_close_for_error() rather than connection_mark_for_close()
+      directly.  Fixes bug #11304; bugfix on 0.2.4.4-alpha.
+    - When closing all connections on setting DisableNetwork to 1, use
+      connection_or_close_normally() rather than closing orconns out from
+      under the channel layer.  Fixes bug #11306; bugfix on 0.2.4.4-alpha.
+
+  o Minor bugfixes (controller):
+    - Avoid sending an garbage value to the controller when a circuit is
+      cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
 
   o Minor bugfixes (tor-fw-helper):
     - Allow tor-fw-helper to build again by adding src/ext to its
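Review bot: Three typos in the added lines should be fixed before release: "boostrap" should be "bootstrap", "Fixes part 11465" is missing "of", and "sending an garbage value" should be "a garbage value". The bootstrap-error item is also appended directly after the logging items (#9870, 11465), although it describes what controllers see on an OR connection; consider moving it under the new "Minor bugfixes (controller)" heading.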
@@ -80,7 +132,34 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
     - Stop leaking memory when we successfully resolve a PTR record.
       Fixes bug 11437; bugfix on 0.2.4.7-alpha.
 
-  o Minor bugfixes (windows):
+  o Minor features (Transparent proxy):
+    - Support the ipfw firewall interface for transparent proxy support on
+      FreeBSD. To enable it, set "TransProxyType ipfw" in your torrc.
+      Resolves ticket 10267; patch from "yurivict".
+    - Support OpenBSD's divert-to rules with the pf firewall, when
+      "TransProxyType pf-divert" is specified. This allows Tor to run a
+      TransPort transparent proxy port on OpenBSD 4.4 or later without
+      root privileges. See the pf.conf(5) manual page for information on
+      configuring pf to use divert-to rules. Closes ticket 10896; patch
+      from Dana Koch.
+
+  o Minor features (security):
+    - New --enable-expensive-hardening option to turn on security hardening
+      options that consume nontrivial amounts of CPU and memory. Right now,
+      this includes AddressSanitizer and UbSan. Closes ticket 11477.
+
+  o Minor features (usability):
+    - Demote the message that we give when a flushing connection times
+      out for too long from NOTICE to INFO. It was usually meaningless.
+      Resolves ticket 5286.
+
+  o Minor features (performance, compatibility):
+    - Update the list of TLS cipehrsuites that a client advertises
+      to match those advertised by Firefox 28. This enables selection of
+      (fast) GCM ciphersuites, disables some strange old ciphers, and
+      disables the ECDH (not to be confused with ECDHE) ciphersuites.
+      Resolves ticket 11438.
+
 
   o Minor bugfixes (IPv6):
     - When using DNSPort and AutomapHostsOnResolve, respond to AAAA
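Review bot: The four "Minor features" sections added here land between a bugfix entry (bug 11437) and "Minor bugfixes (IPv6)", so features and bugfixes end up interleaved; move them up next to the other feature sections. The added blank line after "Resolves ticket 11438." plus the existing one leaves two consecutive blank lines, and "cipehrsuites" should be "ciphersuites". Replacing the "Minor bugfixes (windows)" header looks fine, since no entries follow it in the context, but it is worth confirming that the section was meant to be empty.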
@@ -137,6 +216,12 @@ Changes in version 0.2.5.4-alpha - 2014-04-??
     - Change our use of the ENUM_BF macro to avoid declarations that
       confuse Doxygen.
 
+  o Testing:
+    - New macros in test.h to simplify writting mock-functions for unit
+      tests. Part of ticket 11507. Patch from Dana Koch.
+    - Complete tests for the status.c module. Resolves ticket 11507.
+      Patch from Dana Koch.
+
   o Removed code:
     - Remove all code for the long unused v1 directory protocol. Resolves
       ticket 11070.
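Review bot: "writting" in the first Testing item should be "writing". Both items credit the same ticket (11507) and the same author, one as "Part of" and one as "Resolves"; merging them into a single entry would read more cleanly.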
diff --git a/changes/10267_tproxy b/changes/10267_tproxy
deleted file mode 100644
index f65e4a2..0000000
--- a/changes/10267_tproxy
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features:
-    - Support the ipfw firewall interface for transparent proxy support on
-      FreeBSD. To enable it, set "TransProxyType ipfw" in your torrc.
-      Resolves ticket 10267; patch from "yurivict".
diff --git a/changes/10896 b/changes/10896
deleted file mode 100644
index 278815e..0000000
--- a/changes/10896
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Minor features:
-    - Support OpenBSD's divert-to rules with the pf firewall, when
-      "TransProxyType pf-divert" is specified. This allows Tor to run a
-      TransPort transparent proxy port on OpenBSD 4.4 or later without
-      root privileges. See the pf.conf(5) manual page for information on
-      configuring pf to use divert-to rules. Closes ticket 10896; patch
-      from Dana Koch.
-
diff --git a/changes/11507 b/changes/11507
deleted file mode 100644
index f656d90..0000000
--- a/changes/11507
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Testing support:
-    - New macros in test.h to simplify writting mock-functions for unit
-      tests. Part of ticket 11507. Patch from Dana Koch.
-
-  o Testing:
-    - Complete tests for the status.c module. Resolves ticket 11507.
-      Patch from Dana Koch.
diff --git a/changes/bug10431 b/changes/bug10431
deleted file mode 100644
index 39353a2..0000000
--- a/changes/bug10431
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Only report the first fatal boostrap error on a given OR
-      connection.  This prevents controllers from declaring that a
-      connection has failed because of "DONE" or other junk reasons.
-      Fixes bug 10431; bugfix on 0.2.1.1-alpha.
diff --git a/changes/bug11304 b/changes/bug11304
deleted file mode 100644
index 4930dd6..0000000
--- a/changes/bug11304
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Bugfixes:
-    - If write_to_buf() in connection_write_to_buf_impl_() ever fails,
-      check if it's an or_connection_t and correctly call
-      connection_or_close_for_error() rather than connection_mark_for_close()
-      directly.  Fixes bug #11304; bugfix on 0.2.4.4-alpha.
diff --git a/changes/bug11306 b/changes/bug11306
deleted file mode 100644
index 5937938..0000000
--- a/changes/bug11306
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Bugfixes:
-    - When closing all connections on setting DisableNetwork to 1, use
-      connection_or_close_normally() rather than closing orconns out from
-      under the channel layer.  Fixes bug #11306; bugfix on 0.2.4.4-alpha.
diff --git a/changes/bug11464_023 b/changes/bug11464_023
deleted file mode 100644
index 80c04b2..0000000
--- a/changes/bug11464_023
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major features (security):
-    - Block authority signing keys that were used on an authorities
-      vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160).
-      (We don't have any evidence that these keys _were_ compromised;
-      we're doing this to be prudent.) Resolves ticket 11464.
diff --git a/changes/bug11465 b/changes/bug11465
deleted file mode 100644
index 2425299..0000000
--- a/changes/bug11465
+++ /dev/null
@@ -1,9 +0,0 @@
-  o Minor features:
-    - When the Linux syscall sandbox finds an illegal system call, it
-      now tries to log a stack trace before exiting. Resolves ticket
-      11465.
-
-  o Minor bugfixes:
-    - Using the Linux syscall sandbox no longer prevents stack-trace
-      logging on crashes or errors. Fixes part 11465; bugfix on
-      0.2.5.1-alpha.
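Review bot: This changes file filed the "log a stack trace before exiting" item under "Minor features", but the ChangeLog hunk places it under "Major features (seccomp2 sandbox)". The commit subject says the merge is verbatim, so either note the recategorization in the commit message or keep the item under a minor heading.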
diff --git a/changes/bug11477 b/changes/bug11477
deleted file mode 100644
index 44bdba9..0000000
--- a/changes/bug11477
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features:
-    - New --enable-expensive-hardening option to turn on security hardening
-      options that consume nontrivial amounts of CPU and memory. Right now,
-      this includes AddressSanitizer and UbSan. Closes ticket 11477.
diff --git a/changes/bug11513 b/changes/bug11513
deleted file mode 100644
index 820c026..0000000
--- a/changes/bug11513
+++ /dev/null
@@ -1,12 +0,0 @@
-  o Major bugfixes:
-    - Generate the server's preference list for ciphersuites
-      automatically based on uniform criteria, and considering all
-      OpenSSL ciphersuites with acceptable strength and forward
-      secrecy. (The sort order is: prefer AES to 3DES; break ties by
-      preferring ECDHE to DHE; break ties by preferring GCM to CBC;
-      break ties by preferring SHA384 to SHA256 to SHA1; and finally,
-      break ties by preferring AES256 to AES128.) This resolves bugs
-      #11513, #11492, #11498, #11499. Bugs reported by 'cypherpunks'.
-      Bugfix on 0.2.4.8-alpha.
-
-
diff --git a/changes/bug11519 b/changes/bug11519
deleted file mode 100644
index 5c1e6af..0000000
--- a/changes/bug11519
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes:
-    - Avoid sending an garbage value to the controller when a circuit is
-      cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
diff --git a/changes/bug5286 b/changes/bug5286
deleted file mode 100644
index de02a9a..0000000
--- a/changes/bug5286
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features:
-    - Demote the message that we give when a flushing connection times
-      out for too long from NOTICE to INFO. It was usually meaningless.
-      Resolves ticket 5286.
diff --git a/changes/ff28_ciphers b/changes/ff28_ciphers
deleted file mode 100644
index 05eb4e9..0000000
--- a/changes/ff28_ciphers
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor features (performance, compatibility):
-    - Update the list of TLS cipehrsuites that a client advertises
-      to match those advertised by Firefox 28. This enables selection of
-      (fast) GCM ciphersuites, disables some strange old ciphers, and
-      disables the ECDH (not to be confused with ECDHE) ciphersuites.
-      Resolves ticket 11438.
diff --git a/changes/sandbox_fixes_11351 b/changes/sandbox_fixes_11351
deleted file mode 100644
index 2fe2173..0000000
--- a/changes/sandbox_fixes_11351
+++ /dev/null
@@ -1,13 +0,0 @@
-  o Major features:
-    - Refinements and improvements to the Linux seccomp2 sandbox code:
-      the sandbox can now run a test network for multiple hours without
-      crashing. (Previous crash reasons included: reseeding the OpenSSL PRNG,
-      seeding the Libevent PRNG, using the wrong combination of CLOEXEC and
-      NONBLOCK at the same place and time, having server keys, being an
-      authority, receiving a HUP, or using IPv6.) The sandbox is still
-      experimental, and more bugs will probably turn up. To try it,
-      enable "Sandbox 1" on a Linux host.
-
-    - Strengthen the Linux seccomp2 sandbox code: the sandbox can now
-      test the arguments for rename(), and blocks _sysctl() entirely.
-


