[tor-commits] [tor/master] go through and rewrite the changes files to be more user-facing
arma at torproject.org
arma at torproject.org
Wed Feb 12 09:04:02 UTC 2014
commit 7c39bf0e447a456a9999b3de95ed17fa0e86f157
Author: Roger Dingledine <arma at torproject.org>
Date: Wed Feb 12 03:59:59 2014 -0500
go through and rewrite the changes files to be more user-facing
---
changes/10582_tproxy | 5 ++---
changes/10777_netunreach | 11 +++++------
changes/bug10046 | 5 +++--
changes/bug10297 | 7 ++++---
changes/bug10313 | 10 ++++------
changes/bug10324 | 4 +++-
changes/bug10365 | 8 ++++----
changes/bug10470 | 4 ++--
changes/bug10485 | 8 --------
changes/bug10536 | 9 ++++-----
changes/bug10543 | 7 ++++---
changes/bug10565 | 4 ++--
changes/bug10722 | 14 +++++++-------
changes/bug10758 | 8 ++++----
changes/bug10777_internal_024 | 7 ++++---
changes/bug10793 | 2 +-
changes/bug10842 | 9 +++++----
changes/bug10870 | 6 +++---
changes/bug10881 | 14 +++++++-------
changes/bug1376 | 7 +++----
changes/bug4677 | 4 ++--
changes/bug5018 | 8 +++++---
changes/bug5605 | 10 ++++++----
changes/bug7359 | 14 ++++++++------
changes/bug9162 | 10 ++++++----
changes/bug9206 | 8 ++++----
changes/bug9578 | 9 +++++----
changes/bug9602 | 9 ++++-----
changes/bug9651 | 6 ++++--
changes/bug9859 | 12 ++++++++----
changes/bug9869 | 10 ++++------
changes/bug9926 | 6 +++---
changes/bug9934 | 7 ++++---
changes/bug9948 | 8 +++-----
changes/feature9777 | 10 +++++++---
changes/prop157-require | 2 +-
changes/prop221 | 13 +++++++------
changes/python-tests | 4 ++--
changes/seccomp2-fixes | 3 ++-
changes/stack_trace | 2 +-
changes/ticket10060 | 4 ++--
changes/ticket8510 | 5 ++---
changes/ticket9839 | 4 ++--
43 files changed, 163 insertions(+), 154 deletions(-)
diff --git a/changes/10582_tproxy b/changes/10582_tproxy
index 8eed6a2..0a05152 100644
--- a/changes/10582_tproxy
+++ b/changes/10582_tproxy
@@ -1,7 +1,6 @@
o Minor features:
-
- Add support for the TPROXY transparent proxying facility on Linux.
- See documentation for the new TransProxyType option for more details.
- Implementation by "thomo". Closes ticket 10582.
+ See documentation for the new TransProxyType option for more
+ details. Implementation by "thomo". Closes ticket 10582.
diff --git a/changes/10777_netunreach b/changes/10777_netunreach
index 8991814..1156bca 100644
--- a/changes/10777_netunreach
+++ b/changes/10777_netunreach
@@ -1,7 +1,6 @@
- - Minor bugfixes:
-
- - Treat ENETUNREACH, EACCES, and EPERM at an exit node as a
- NOROUTE error, not an INTERNAL error, since they can apparently
- happen when trying to connect to the wrong sort of
- netblocks. Fixes a part of bug 10777; bugfix on 0.1.0.1-rc.
+ o Minor bugfixes:
+ - Treat ENETUNREACH, EACCES, and EPERM connection failures at an
+ exit node as a NOROUTE error, not an INTERNAL error, since they
+ can apparently happen when trying to connect to the wrong sort
+ of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc.
diff --git a/changes/bug10046 b/changes/bug10046
index b2f545e..3286c21 100644
--- a/changes/bug10046
+++ b/changes/bug10046
@@ -1,3 +1,4 @@
o Minor bugfixes:
- - Fix an always-true assertion in pluggable transports code. Fixes
- issue 10046. Found by dcb.
+ - Fix an always-true assertion in pluggable transports code so it
+ actually checks what it was trying to check. Fixes bug 10046;
+ bugfix on 0.2.3.9-alpha. Found by "dcb".
diff --git a/changes/bug10297 b/changes/bug10297
index 4cdd80f..73c4cde 100644
--- a/changes/bug10297
+++ b/changes/bug10297
@@ -1,4 +1,5 @@
o Minor features:
- - Spawn background processes using the CREATE_NO_WINDOW flag on
- Windows, in order to prevent a console window from appearing.
- Resolves ticket 10297.
+ - On Windows, spawn background processes using the CREATE_NO_WINDOW
+ flag. Now Tor Browser Bundle 3.5 with pluggable transports enabled
+ doesn't pop up a blank console window. (In Tor Browser Bundle 2.x,
+ Vidalia set this option for us.) Implements ticket 10297.
diff --git a/changes/bug10313 b/changes/bug10313
index b29d4da..36b3634 100644
--- a/changes/bug10313
+++ b/changes/bug10313
@@ -1,8 +1,6 @@
o Minor bugfixes:
- - Fixed an erroneous pointer comparison that would have allowed
- compilers to remove a bounds check in channeltls.c. The fix
- was to remove the check entirely, since it was impossible for
- the code to overflow the bounds. Noticed by Jared L
- Wong. Fixes bug 10313 and 9980. Bugfix on 0.2.0.10-alpha.
-
+ - Remove an erroneous (but impossible and thus harmless) pointer
+ comparison that would have allowed compilers to skip a bounds
+ check in channeltls.c. Fixes bugs 10313 and 9980; bugfix on
+ 0.2.0.10-alpha. Noticed by Jared L Wong and David Fifield.
diff --git a/changes/bug10324 b/changes/bug10324
index 9cd7d5b..786a4c1 100644
--- a/changes/bug10324
+++ b/changes/bug10324
@@ -1,2 +1,4 @@
o Tool changes:
- - Make tor-gencert create 2048 bit signing keys. Addresses ticket #10324.
+ - Make the "tor-gencert" tool used by directory authority operators
+ create 2048-bit signing keys by default (rather than 1024-bit, since
+ 1024-bit is uncomfortably small these days). Addresses ticket 10324.
diff --git a/changes/bug10365 b/changes/bug10365
index f7a1515..f916537 100644
--- a/changes/bug10365
+++ b/changes/bug10365
@@ -1,7 +1,7 @@
o Minor bugfixes:
-
- - When receving a VERSIONS cell with an odd number of bytes, close
- the connection immediately. Fix for bug 10365; bugfix on
- 0.2.0.10-alpha. Spotted by "bobnomnom"; fix by "rl1987".
+ - When receiving a VERSIONS cell with an odd number of bytes, close
+ the connection immediately since the cell is malformed. Fixes bug
+ 10365; bugfix on 0.2.0.10-alpha. Spotted by "bobnomnom"; fix by
+ "rl1987".
diff --git a/changes/bug10470 b/changes/bug10470
index 2b75343..274abc9 100644
--- a/changes/bug10470
+++ b/changes/bug10470
@@ -1,4 +1,4 @@
o Documentation fixes:
- - Note that all but one DirPort entry must have the NoAdvertise flag
- set. Fix for #10470.
+ - Document that all but one DirPort entry must have the NoAdvertise
+ flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha.
diff --git a/changes/bug10485 b/changes/bug10485
index d2b3d8b..aa599fb 100644
--- a/changes/bug10485
+++ b/changes/bug10485
@@ -1,12 +1,4 @@
-<<<<<<< HEAD
o Minor bugfixes:
- Turn "circuit handshake stats since last time" log messages into a
heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc.
-||||||| merged common ancestors
-=======
- o Minor bugfixes:
- - Move message about circuit handshake counts into the heartbeat
- message where it belongs, instead of logging it once per hour
- unconditionally. Fixes bug 10485; bugfix on 0.2.4.17-rc.
->>>>>>> origin/maint-0.2.4
diff --git a/changes/bug10536 b/changes/bug10536
index e15da7c..be95eaf 100644
--- a/changes/bug10536
+++ b/changes/bug10536
@@ -1,6 +1,5 @@
- o Minor bugfixes:
- - Reject 0-lenth EXTEND2 cells more expicitly. Previously our code would
- reject them a bit later than it should have. This bug is
- harmless. Fixes bug 10536; bugfix on 0.2.4.8-alpha. Reported by
- "cypherpunks".
+ o Code simplification and refactoring:
+ - Reject 0-length EXTEND2 cells more explicitly. Fixes bug 10536;
+ bugfix on 0.2.4.8-alpha. Reported by "cypherpunks".
+
diff --git a/changes/bug10543 b/changes/bug10543
index 6044506..ebc97b0 100644
--- a/changes/bug10543
+++ b/changes/bug10543
@@ -1,5 +1,6 @@
o Minor bugfixes:
- - If all nodes with the Exit flag have been disabled with the ExitNodes
- flag, consider nodes which can exit to other ports as well. Fixes bug
- 10543; bugfix on 0.2.4.10-alpha.
+ - If we set the ExitNodes option but it doesn't include any nodes
+ that have the Exit flag, we would choose not to bootstrap. Now we
+ bootstrap so long as ExitNodes includes nodes which can exit to
+ some port. Fixes bug 10543; bugfix on 0.2.4.10-alpha.
diff --git a/changes/bug10565 b/changes/bug10565
index 9fef9d4..92902e7 100644
--- a/changes/bug10565
+++ b/changes/bug10565
@@ -1,3 +1,3 @@
o Minor bugfixes:
- - Fix compilation on Solaris 9, which didn't like us to have an
- identifier namd "sun". Fixes bug 10565; bugfix in 0.2.5.1-alpha.
+ - Fix compilation on Solaris 9, which didn't like us having an
+ identifier named "sun". Fixes bug 10565; bugfix in 0.2.5.1-alpha.
diff --git a/changes/bug10722 b/changes/bug10722
index dd4711f..0a62e44 100644
--- a/changes/bug10722
+++ b/changes/bug10722
@@ -1,8 +1,8 @@
o Minor bugfixes:
- - Consider non-excluded hidden service directory servers before
- excluded ones. Do not consider excluded hidden service directory
- servers at all if StrictNodes was set. (Previously, we would
- sometimes decide to connect to those servers, and then realize
- before we initiated a connection that we had excluded them.)
- Fix for bug #10722. Bugfix on 0.2.0.10-alpha. Reported by
- "mr-4".
+ - If ExcludeNodes is set, consider non-excluded hidden service
+ directory servers before excluded ones. Do not consider excluded
+ hidden service directory servers at all if StrictNodes is
+ set. (Previously, we would sometimes decide to connect to those
+ servers, and then realize before we initiated a connection that
+ we had excluded them.) Fixes bug 10722; bugfix on 0.2.0.10-alpha.
+ Reported by "mr-4".
diff --git a/changes/bug10758 b/changes/bug10758
index beadd9e..ab4075d 100644
--- a/changes/bug10758
+++ b/changes/bug10758
@@ -1,4 +1,4 @@
- o Removed code
- - Remove all code that existed to support the v2 directory system:
- There are no longer any v2 directory authorities. Resolves
- bug 10758.
+ o Removed code and features:
+ - Remove all code that existed to support the v2 directory system,
+ since there are no longer any v2 directory authorities. Resolves
+ ticket 10758.
diff --git a/changes/bug10777_internal_024 b/changes/bug10777_internal_024
index 4544147..c0bd9bf 100644
--- a/changes/bug10777_internal_024
+++ b/changes/bug10777_internal_024
@@ -1,4 +1,5 @@
o Major bugfixes:
- - Do not treat END_STREAM_REASON_INTERNAL as indicating a definite
- circuit failure, since it could also indicate an ENETUNREACH
- error. Fixes part of bug 10777; bugfix on 0.2.4.8-alpha.
+ - Do not treat streams that fail with reason
+ END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
+ since it could also indicate an ENETUNREACH connection error. Fixes
+ part of bug 10777; bugfix on 0.2.4.8-alpha.
diff --git a/changes/bug10793 b/changes/bug10793
index 24c4025..ea15cc3 100644
--- a/changes/bug10793
+++ b/changes/bug10793
@@ -1,4 +1,4 @@
o Minor features (security):
- - Always clear OpenSSL bignums before freeing them--even bignums
+ - Always clear OpenSSL bignums before freeing them -- even bignums
that don't contain secrets. Resolves ticket 10793. Patch by
Florent Daigniere.
diff --git a/changes/bug10842 b/changes/bug10842
index 0ead9e7..9c757e2 100644
--- a/changes/bug10842
+++ b/changes/bug10842
@@ -1,4 +1,5 @@
- o Minor bugfixes:
- - Suppress a warning that votes and signatures cannot be uploaded to
- other directory authorities if there's only one directory authority
- in the network. Bugfix on 0.2.2.26-beta. Resolves ticket 10842.
+ o Minor bugfixes (log messages):
+ - Suppress a warning where, if there's only one directory authority
+ in the network, we would complain that votes and signatures cannot
+ be uploaded to other directory authorities. Fixes bug 10842;
+ bugfix on 0.2.2.26-beta.
diff --git a/changes/bug10870 b/changes/bug10870
index d8a00f4..4c8d043e 100644
--- a/changes/bug10870
+++ b/changes/bug10870
@@ -1,6 +1,6 @@
o Code simplification and refactoring:
- Remove data structures which were introduced to implement the
CellStatistics option: they are now redundant with the addition
- of timestamp to the regular packed_cell_t data structure, which
- we did in 0.2.4.18-rc in order to resolve #9093. Fixes bug
- 10870.
\ No newline at end of file
+ of a timestamp to the regular packed_cell_t data structure, which
+ we did in 0.2.4.18-rc in order to resolve ticket 9093. Implements
+ ticket 10870.
diff --git a/changes/bug10881 b/changes/bug10881
index 3fcc90e..62da79e 100644
--- a/changes/bug10881
+++ b/changes/bug10881
@@ -1,7 +1,7 @@
- o Removed code:
-
- - Remove code for designating authorities as "Hidden service
- authorities". There has been no use of hidden service authorities
- since 0.2.2.1-alpha, when we stopped uploading or downloading v0
- hidden service descriptors. Fixes bug 10881; part of a fix for bug
- 10841.
+ o Removed config options:
+ - Remove the HSAuthoritativeDir and AlternateHSAuthority torrc
+ options, which were used for designating authorities as "Hidden
+ service authorities". There has been no use of hidden service
+ authorities since 0.2.2.1-alpha, when we stopped uploading or
+ downloading v0 hidden service descriptors. Fixes bug 10881; also
+ part of a fix for bug 10841.
diff --git a/changes/bug1376 b/changes/bug1376
index bee42a3..e685a55 100644
--- a/changes/bug1376
+++ b/changes/bug1376
@@ -1,4 +1,3 @@
- o Minor bugfixes:
-
- - Added additional argument to write_chunks_to_file to optionally skip
- using a temp file to do non-atomic writes. Implements ticket #1376.
+ o Code simplification and refactoring:
+ - Previously we used two temporary files when writing descriptors to
+ disk; now we only use one. Implements ticket 1376.
diff --git a/changes/bug4677 b/changes/bug4677
index 9a62bdb..e043308 100644
--- a/changes/bug4677
+++ b/changes/bug4677
@@ -1,4 +1,4 @@
o Minor bugfixes (build):
- Restore the ability to compile Tor with V2_HANDSHAKE_SERVER
- turned off. Fixes bug 4677; bugfix on 0.2.3.2-alpha. Patch
- from "piet".
+ turned off (that is, without support for v2 link handshakes). Fixes
+ bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet".
diff --git a/changes/bug5018 b/changes/bug5018
index c5c12ef..5c3a440 100644
--- a/changes/bug5018
+++ b/changes/bug5018
@@ -1,3 +1,5 @@
- o Minor features:
- - Don't launch pluggable transport proxies that contribute
- transports we don't need. Resolves ticket 5018.
+ o Major features:
+ - Don't launch pluggable transport proxies if we don't have any
+ bridges configured that would use them. Now we can list many
+ pluggable transports, and Tor will dynamically start one when it
+ hears a bridge address that needs it. Resolves ticket 5018.
diff --git a/changes/bug5605 b/changes/bug5605
index 2144d96..0bee820 100644
--- a/changes/bug5605
+++ b/changes/bug5605
@@ -1,5 +1,7 @@
-o Minor Bugfixes:
- - No longer writing control ports to file if updating reversible
- options fail. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from
- Ryman.
+ o Minor bugfixes:
+ - If changing a config option via "setconf" fails in a recoverable
+ way, we used to nonetheless write our new control ports to the
+ file described by the "ControlPortWriteToFile" option. Now we only
+ write out that file if we successfully switch to the new config
+ option. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from "Ryman".
diff --git a/changes/bug7359 b/changes/bug7359
index d1bff0a..a91b730 100644
--- a/changes/bug7359
+++ b/changes/bug7359
@@ -1,7 +1,9 @@
- o Minor features (controller):
- - Extend ORCONN controller event by ID parameter and add four new
- controller event types CONN_BW, CIRC_BW, CELL_STATS, and TB_EMPTY
- that shall help understand connection and circuit usage. The new
- events are emitted in private Tor networks only. Implements
- proposal 218. Resolves ticket #7359.
+ o Major features (controller):
+ - Extend ORCONN controller event to include an "ID" parameter,
+ and add four new controller event types CONN_BW, CIRC_BW,
+ CELL_STATS, and TB_EMPTY that show connection and circuit usage.
+ The new events are emitted in private Tor networks only, with the
+ goal of being able to better track performance and load during
+ full-network simulations. Implements proposal 218. Resolves
+ ticket 7359.
diff --git a/changes/bug9162 b/changes/bug9162
index c1a247a..b5ac27f 100644
--- a/changes/bug9162
+++ b/changes/bug9162
@@ -1,6 +1,8 @@
o Minor bugfixes:
- - Fix a get_configured_bridge_by_addr_port_digest() function so
- that it would return a bridge with given address and port even
- if bridge digest is not specified by caller. Fixes bug 9162;
- bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987".
+ - Fix a bug where the first connection works to a bridge that uses a
+ pluggable transport with client-side parameters, but we don't send
+ the client-side parameters on subsequent connections. (We don't
+ use any pluggable transports with client-side parameters yet,
+ but ScrambleSuit will soon become the first one.) Fixes bug 9162;
+ bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987".
diff --git a/changes/bug9206 b/changes/bug9206
index 7acb366..36167ff 100644
--- a/changes/bug9206
+++ b/changes/bug9206
@@ -1,6 +1,6 @@
o Minor features (testing):
+ - When bootstrapping a test network, sometimes very few relays get
+ the Guard flag. Now a new option "TestingDirAuthVoteGuard" can
+ specify a set of relays which should be voted Guard regardless of
+ their uptime or bandwidth. Addresses ticket 9206.
- - When bootstrapping a test network, few relays get the Guard
- flag. There is now a new option, TestingDirAuthVoteGuard, which
- can be used to specify a set of relays which should be voted
- Guard regardless of uptime or bandwidth. Addresses ticket 9206.
diff --git a/changes/bug9578 b/changes/bug9578
index 96d66fe..5b50200 100644
--- a/changes/bug9578
+++ b/changes/bug9578
@@ -1,6 +1,7 @@
o Minor bugfixes:
- - When a command-line option such as --version or --help that ordinarily
- implies --hush appears on the command line along with --quiet, obey
- --quiet. Previously, we obeyed --quiet only if it appeared later on the
- command line. Fixes bug 9578; bugfix on 0.2.5.1-alpha.
+ - When a command-line option such as --version or --help that
+ ordinarily implies --hush appears on the command line along with
+ --quiet, then actually obey --quiet. Previously, we obeyed --quiet
+ only if it appeared later on the command line. Fixes bug 9578;
+ bugfix on 0.2.5.1-alpha.
diff --git a/changes/bug9602 b/changes/bug9602
index 2dc13c4..86248ab 100644
--- a/changes/bug9602
+++ b/changes/bug9602
@@ -1,5 +1,4 @@
- o Bugfixes
- - Null out orconn->chan->conn when closing orconn in case orconn is freed
- before channel_run_cleanup() gets to orconn->chan, and handle the null
- conn edge case correctly in channel_tls_t methods. Fixes bug #9602;
- bugfix on 0.2.4.4-alpha.
+ o Minor bugfixes:
+ - Avoid a segfault on SIGUSR1, where we had freed a connection but did
+ not entirely remove it from the connection lists. Fixes bug 9602;
+ bugfix on 0.2.4.4-alpha.
diff --git a/changes/bug9651 b/changes/bug9651
index 453fe9a..8933c20 100644
--- a/changes/bug9651
+++ b/changes/bug9651
@@ -1,3 +1,5 @@
o Minor features:
- - Warn when the Extended ORPort should be set, but it isn't. Resolves
- ticket 9651.
+ - When ServerTransportPlugin is set on a bridge, Tor can write more
+ useful statistics about bridge use in its extrainfo descriptors,
+ but only if the Extended ORPort ("ExtORPort") is set too. Add a
+ log message to inform the user in this case. Resolves ticket 9651.
diff --git a/changes/bug9859 b/changes/bug9859
index 54ca30e..38a7ace 100644
--- a/changes/bug9859
+++ b/changes/bug9859
@@ -1,6 +1,10 @@
- o Minor Feature
-
- - Assign status flags to bridges based on thresholds calculated
- over all bridges. Fixes bug 9859.
+ o Major features:
+ - The bridge directory authority now assigns status flags (Stable,
+ Guard, etc) to bridges based on thresholds calculated over all
+ Running bridges. Now bridgedb can finally make use of its features
+ to e.g. include at least one Stable bridge in its answers. Fixes
+ bug 9859.
+ o Minor features:
- Add threshold cutoffs to the networkstatus document created by
the Bridge Authority. Fixes bug 1117.
+
diff --git a/changes/bug9869 b/changes/bug9869
index d67156d..42f8928 100644
--- a/changes/bug9869
+++ b/changes/bug9869
@@ -1,7 +1,5 @@
o Minor features (build):
-
- - Assume that a user using configure --host wants to cross-
- compile and error if we cannot find a properly named tool-
- chain. Add --disable-tool-name-check to enable the user
- to build nevertheless. Addresses ticket 9869. Patch by
- Benedikt Gollatz.
+ - Assume that a user using ./configure --host wants to cross-compile,
+ and give an error if we cannot find a properly named
+ tool-chain. Add a --disable-tool-name-check option to proceed
+ nevertheless. Addresses ticket 9869. Patch by Benedikt Gollatz.
diff --git a/changes/bug9926 b/changes/bug9926
index 51af5e0..6d33ecb 100644
--- a/changes/bug9926
+++ b/changes/bug9926
@@ -1,6 +1,6 @@
- o Minor bugfixes:
+ o Code simplification and refactoring:
- Remove some old fallback code designed to keep Tor clients working
- in a network with only two working nodes. Elsewhere in the code we
+ in a network with only two working relays. Elsewhere in the code we
have long since stopped supporting such networks, so there wasn't
- much point in keeping it around. Fixes bug 9926.
+ much point in keeping it around. Addresses ticket 9926.
diff --git a/changes/bug9934 b/changes/bug9934
index 2a636db..31e6613 100644
--- a/changes/bug9934
+++ b/changes/bug9934
@@ -1,4 +1,5 @@
o Minor features (controller):
- - New DROPGUARDS command to forget all current entry guards. Not
- recommended for ordinary use, since replacing guards too frequently
- makes several attacks easier. Resolves ticket #9934; patch from "ra".
+ - New "DROPGUARDS" controller command to forget all current entry
+ guards. Not recommended for ordinary use, since replacing guards
+ too frequently makes several attacks easier. Resolves ticket 9934;
+ patch from "ra".
diff --git a/changes/bug9948 b/changes/bug9948
index 6a673c0..492744b 100644
--- a/changes/bug9948
+++ b/changes/bug9948
@@ -1,6 +1,4 @@
o Minor features (build):
-
- - Check in configure whether we can link an executable when
- stack protection is enabled so we can warn the user about a
- potentially missing libssp. Addresses ticket 9948. Patch
- from Benedikt Gollatz.
+ - If we run ./configure and the compiler recognizes -fstack-protector
+ but the linker rejects it, warn the user about a potentially missing
+ libssp package. Addresses ticket 9948. Patch from Benedikt Gollatz.
diff --git a/changes/feature9777 b/changes/feature9777
index 312b5e0..b9f111c 100644
--- a/changes/feature9777
+++ b/changes/feature9777
@@ -1,3 +1,7 @@
- o Minor features:
- - Avoid using circuit paths if no node in the path supports the ntor
- circuit extension handshake. Implements ticket 9777.
+ o Major features:
+ - When we choose a path for a 3-hop circuit, make sure it contains
+ at least one relay that supports the NTor circuit extension
+ handshake. Otherwise, there is a chance that we're building
+ a circuit that's worth attacking by an adversary who finds
+ breaking 1024-bit crypto doable, and that chance changes the game
+ theory. Implements ticket 9777.
diff --git a/changes/prop157-require b/changes/prop157-require
index f04806d..309d7f8 100644
--- a/changes/prop157-require
+++ b/changes/prop157-require
@@ -2,4 +2,4 @@
- Clients now reject any directory authority certificates lacking
a dir-key-crosscert element. These have been included since
0.2.1.9-alpha, so there's no real reason for them to be optional
- any longer. Completes proposal 157.
+ any longer. Completes proposal 157. Resolves ticket 10162.
diff --git a/changes/prop221 b/changes/prop221
index b2bf44b..63ef763 100644
--- a/changes/prop221
+++ b/changes/prop221
@@ -1,6 +1,7 @@
- o Minor features:
- - Stop sending the CREATE_FAST cells by default; instead, use a
- parameter in the consensus to decide whether to use
- CREATE_FAST. This can improve security on connections where
- Tor's circuit handshake is stronger than the available TLS
- connection security levels. Implements proposal 221.
+ o Major features:
+ - Clients now look at the "usecreatefast" consensus parameter to
+ decide whether to use CREATE_FAST or CREATE cells for the first hop
+ of their circuit. This approach can improve security on connections
+ where Tor's circuit handshake is stronger than the available TLS
+ connection security levels, but the tradeoff is more computational
+ load on guard relays. Implements proposal 221. Resolves ticket 9386.
diff --git a/changes/python-tests b/changes/python-tests
index 4373e31..8a5fcf5 100644
--- a/changes/python-tests
+++ b/changes/python-tests
@@ -1,4 +1,4 @@
o Minor features:
- - "make check" now runs extra tests beyond the unit test scripts if
- Python is installed.
+ - If Python is installed, "make check" now runs extra tests beyond
+ the unit test scripts.
diff --git a/changes/seccomp2-fixes b/changes/seccomp2-fixes
index 600feec..e050565 100644
--- a/changes/seccomp2-fixes
+++ b/changes/seccomp2-fixes
@@ -1,3 +1,4 @@
o Minor bugfixes:
- Fix compilation warnings and startup issues when running with
- libseccomp-2.1.0. Fixes bug 10563.
+ "Sandbox 1" and libseccomp-2.1.0. Fixes bug 10563; bugfix on
+ 0.2.5.1-alpha.
diff --git a/changes/stack_trace b/changes/stack_trace
index 2eaf15e..33dfcd3 100644
--- a/changes/stack_trace
+++ b/changes/stack_trace
@@ -4,5 +4,5 @@
Unix-like operating systems), Tor can now dump stack traces
when a crash occurs or an assertion fails. By default, traces
are dumped to stderr (if possible) and to any logs that are
- reporting errors.
+ reporting errors. Implements ticket 9299.
diff --git a/changes/ticket10060 b/changes/ticket10060
index 867c464..ff61c29 100644
--- a/changes/ticket10060
+++ b/changes/ticket10060
@@ -1,5 +1,5 @@
o Minor features:
- - Adding --allow-missing-torrc commandline option that allows Tor to
- run if configuration file specified by -f is not available.
+ - Add an --allow-missing-torrc commandline option that tells Tor to
+ run even if the configuration file specified by -f is not available.
Implements ticket 10060.
diff --git a/changes/ticket8510 b/changes/ticket8510
index c79129a..0cd7a8c 100644
--- a/changes/ticket8510
+++ b/changes/ticket8510
@@ -1,4 +1,3 @@
o Minor features:
- - Implement the HS_DESC async control event that notifies controller on
- activities related to hidden service descriptors. Partly resolves
- ticket 8510.
+ - Add a new "HS_DESC" controller event that reports activities
+ related to hidden service descriptors. Resolves ticket 8510.
diff --git a/changes/ticket9839 b/changes/ticket9839
index a71c231..e85c280 100644
--- a/changes/ticket9839
+++ b/changes/ticket9839
@@ -1,3 +1,3 @@
o Documentation:
- - Update manpage to describe some of the files one could find
- in data directory. Fixes bug 9839.
+ - Update manpage to describe some of the files you can expect to
+ find in Tor's DataDirectory. Addresses ticket 9839.
More information about the tor-commits
mailing list