[tor-commits] [tor/master] Edit changelog a little for clarity and conciseness
nickm at torproject.org
nickm at torproject.org
Mon Aug 8 16:55:09 UTC 2016
commit 8b1ea189610f4a96d1029f7ecc0fa4c321cd71e5
Author: Nick Mathewson <nickm at torproject.org>
Date: Mon Aug 8 12:28:29 2016 -0400
Edit changelog a little for clarity and conciseness
---
ChangeLog | 157 ++++++++++++++++++++++++++++++++++----------------------------
1 file changed, 86 insertions(+), 71 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 088286c..5d91f82 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,4 @@
-Changes in version 0.2.9.1-alpha - 2016-08-0?
+Changes in version 0.2.9.1-alpha - 2016-08-08
Tor 0.2.9.1-alpha is the first alpha release in the 0.2.9 development
series. It improves our support for hardened builds and compiler
warnings, deploys some critical infrastructure for improvements to
@@ -7,24 +7,28 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
log unexpected events, and contains other small improvements to
security, correctness, and performance.
+ Below are the changes since 0.2.8.6.
+
o New system requirements:
- - Tor requires Libevent version 2.0.10-stable or later now. This
- implements ticket 19554.
- - We now require zlib version 1.2 or later. (Back when we started,
+ - Tor now requires Libevent version 2.0.10-stable or later. Older
+ versions of Libevent have less efficient backends for several
+ platforms, and lack the DNS code that we use for our server-side
+ DNS support. This implements ticket 19554.
+ - Tor now requires zlib version 1.2 or later, for security,
+ efficiency, and (eventually) gzip support. (Back when we started,
zlib 1.1 and zlib 1.0 were still found in the wild. 1.2 was
released in 2003. We recommend the latest version.)
o Major features (build, hardening):
- Tor now builds with -ftrapv by default on compilers that support
- it. This option detects signed integer overflow, and turns it into
- a hard-failure. We do not apply this option to code that needs to
- run in constant time to avoid side-channels; instead, we use
- -fwrapv. Closes ticket 17983.
+ it. This option detects signed integer overflow (which C forbids),
+ and turns it into a hard-failure. We do not apply this option to
+ code that needs to run in constant time to avoid side-channels;
+ instead, we use -fwrapv in that code. Closes ticket 17983.
- When --enable-expensive-hardening is selected, stop applying the
- clang/gcc sanitizers to code that needs to run in constant-time to
- avoid side channels: although we are aware of no introduced side-
- channels, we are not able to prove that this is safe. Related to
- ticket 17983.
+ clang/gcc sanitizers to code that needs to run in constant time.
+ Although we are aware of no introduced side-channels, we are not
+ able to prove that there are none. Related to ticket 17983.
o Major features (compilation):
- Our big list of extra GCC warnings is now enabled by default when
@@ -33,23 +37,25 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
errors, pass --enable-fatal-warnings to configure. Closes
ticket 19044.
- Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS to automatically
- turn on C and POSIX extensions. Closes ticket 19139.
+ turn on C and POSIX extensions. (Previously, we attempted to do
+ this on an ad hoc basis.) Closes ticket 19139.
o Major features (directory authorities, hidden services):
- Directory authorities can now perform the shared randomness
protocol specified by proposal 250. Using this protocol, directory
- authorities can generate a global fresh random number every day.
- In the future, this global randomness will be used by hidden
- services to select their responsible HSDirs. This release only
- implements the directory authority feature; the hidden service
- side will be implemented in the future as part of proposal 224.
- Resolves ticket 16943; implements proposal 250.
-
- o Major features (downloading):
- - Use random exponential backoffs when retrying downloads from the
- dir servers. This prevents a group of Tor instances from becoming
- too synchronized, or a single Tor instance from becoming too
- predictable, in its download schedule. Closes ticket 15942.
+ authorities generate a global fresh random value every day. In the
+ future, this value will be used by hidden services to select
+ HSDirs. This release implements the directory authority feature;
+ the hidden service side will be implemented in the future as part
+ of proposal 224. Resolves ticket 16943; implements proposal 250.
+
+ o Major features (downloading, random exponential backoff):
+ - When we fail to download an object from a directory service, wait
+ for an (exponentially increasing) randomized amount of time before
+ retrying, rather than a fixed interval as we did before. This
+ prevents a group of Tor instances from becoming too synchronized,
+ or a single Tor instance from becoming too predictable, in its
+ download schedule. Closes ticket 15942.
o Major bugfixes (exit policies):
- Avoid disclosing exit outbound bind addresses, configured port
@@ -63,47 +69,47 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
- Allow Tor clients with appropriate controllers to work with
FetchHidServDescriptors set to 0. Previously, this option also
disabled descriptor cache lookup, thus breaking hidden services
- entirely when it was set. Fixes bug 18704; bugfix on 0.2.0.20-rc.
- Patch by "twim".
+ entirely. Fixes bug 18704; bugfix on 0.2.0.20-rc. Patch by "twim".
o Minor features (build, hardening):
- - Detect and work around a libclang_rt problem that prevents clang
- from finding __mulodi4() on some 32-bit platforms. This clang bug
- would keep -ftrapv from linking on those systems. Closes
- ticket 19079.
- - When building on a system without runtime support for some of the
- runtime hardening options, try to log a useful warning at
- configuration time, rather than an incomprehensible warning at
- link time. If expensive hardening was requested, this warning
- becomes an error. Closes ticket 18895.
+ - Detect and work around a libclang_rt problem that would prevent
+ clang from finding __mulodi4() on some 32-bit platforms, and thus
+ keep -ftrapv from linking on those systems. Closes ticket 19079.
+ - When building on a system without runtime support for the runtime
+ hardening options, try to log a useful warning at configuration
+ time, rather than an incomprehensible warning at link time. If
+ expensive hardening was requested, this warning becomes an error.
+ Closes ticket 18895.
o Minor features (code safety):
- - In our integer-parsing functions, check that the maxiumum value
- given is no smaller than the minimum value. Closes ticket 19063;
+ - In our integer-parsing functions, ensure that maxiumum value we
+ give is no smaller than the minimum value. Closes ticket 19063;
patch from U+039b.
o Minor features (controller):
- - Implement new GETINFO queries for all downloads using
- download_status_t to schedule retries. Closes ticket 19323.
- - Add support for configuring basic client authorization on hidden
- services created with the ADD_ONION control command. Implements
- ticket 15588. Patch by "special".
- - Fire a `STATUS_SERVER` event whenever the hibernation status
- changes between "awake"/"soft"/"hard". Closes ticket 18685.
+ - Implement new GETINFO queries for all downloads that use
+ download_status_t to schedule retries. This allows controllers to
+ examine the schedule for pending downloads. Closes ticket 19323.
+ - Allow controllers to configure basic client authorization on
+ hidden services when they create them with the ADD_ONION control
+ command. Implements ticket 15588. Patch by "special".
+ - Fire a STATUS_SERVER controller event whenever the hibernation
+ status changes between "awake"/"soft"/"hard". Closes ticket 18685.
o Minor features (directory authority):
- Directory authorities now only give the Guard flag to a relay if
they are also giving it the Stable flag. This change allows us to
- simplify path selection for clients, and it should have minimal
- effect in practice since >99% of Guards already have the Stable
- flag. Implements ticket 18624.
- - Make directory authorities write the v3-status-votes file out to
- disk earlier in the consensus process, so we have the votes even
- if we abort the consensus process later. Resolves ticket 19036.
+ simplify path selection for clients. It should have minimal effect
+ in practice, since >99% of Guards already have the Stable flag.
+ Implements ticket 18624.
+ - Directory authorities now write their v3-status-votes file out to
+ disk earlier in the consensus process, so we have a record of the
+ votes even if we abort the consensus process. Resolves
+ ticket 19036.
o Minor features (hidden service):
- Stop being so strict about the payload length of "rendezvous1"
- cells. We used to be locked in to the "tap" handshake length, and
+ cells. We used to be locked in to the "TAP" handshake length, and
now we can handle better handshakes like "ntor". Resolves
ticket 18998.
@@ -123,15 +129,22 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
- Provide a more useful warning message when configured with an
invalid Nickname. Closes ticket 18300; patch from "icanhasaccount".
- When dumping unparseable router descriptors, optionally store them
- in separate filenames by hash, up to a configurable limit. Closes
- ticket 18322.
+ in separate files, named by digest, up to a configurable size
+ limit. You can change the size limit by setting the
+ MaxUnparseableDescSizeToLog option, and disable this feature by
+ setting that option to 0. Closes ticket 18322.
- Add a set of macros to check nonfatal assertions, for internal
use. Migrating more of our checks to these should help us avoid
needless crash bugs. Closes ticket 18613.
o Minor features (performance):
- - When fetching a consensus for the first time, use optimistic data.
- This saves a round-trip during startup. Closes ticket 18815.
+ - Changer the "optimistic data" extension from "off by default" to
+ "on by default". The default was ordinarily overridden by a
+ consensus option, but when clients were bootstrapping for the
+ first time, they would not have a consensus to get the option
+ from. Changing this default When fetching a consensus for the
+ first time, use optimistic data. This saves a round-trip during
+ startup. Closes ticket 18815.
o Minor features (relay, usability):
- When the directory authorities refuse a bad relay's descriptor,
@@ -154,30 +167,31 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
o Minor bugfixes (bootstrap):
- Remember the directory we fetched the consensus or previous
certificates from, and use it to fetch future authority
- certificates. Fixes bug 18963; bugfix on 0.2.8.1-alpha.
+ certificates. This change improves bootstrapping performance.
+ Fixes bug 18963; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (build):
- - Make the test-stem and test-network targets depend only on the tor
- binary that they will be testing. Previously, they depended on
+ - The test-stem and test-network makefile targets now depend only on
+ the tor binary that they are testing. Previously, they depended on
"make all". Fixes bug 18240; bugfix on 0.2.8.2-alpha. Based on a
patch from "cypherpunks".
o Minor bugfixes (circuits):
- - Make sure extend_info_from_router is only called on servers. Fixes
- bug 19639; bugfix on 0.2.8.1-alpha.
+ - Make sure extend_info_from_router() is only called on servers.
+ Fixes bug 19639; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (compilation):
- - When building with Clang, include our full array of GCC warnings.
+ - When building with Clang, use a full set of GCC warnings.
(Previously, we included only a subset, because of the way we
detected them.) Fixes bug 19216; bugfix on 0.2.0.1-alpha.
o Minor bugfixes (directory authority):
- Authorities now sort the "package" lines in their votes, for ease
- of debugging. (They are already sorted in the consensus
- documents.) Fixes bug 18840; bugfix on 0.2.6.3-alpha.
- - When parsing detached signature, make sure we use the length of
+ of debugging. (They are already sorted in consensus documents.)
+ Fixes bug 18840; bugfix on 0.2.6.3-alpha.
+ - When parsing a detached signature, make sure we use the length of
the digest algorithm instead of an hardcoded DIGEST256_LEN in
- order to avoid comparing bytes out of bound with a smaller digest
+ order to avoid comparing bytes out-of-bounds with a smaller digest
length such as SHA1. Fixes bug 19066; bugfix on 0.2.2.6-alpha.
o Minor bugfixes (documentation):
@@ -190,7 +204,7 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
o Minor bugfixes (ephemeral hidden service):
- When deleting an ephemeral hidden service, close its intro points
- even if they are not in the open state. Fixes bug 18604; bugfix
+ even if they are not completely open. Fixes bug 18604; bugfix
on 0.2.7.1-alpha.
o Minor bugfixes (guard selection):
@@ -204,8 +218,9 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
o Minor bugfixes (hidden service client):
- Increase the minimum number of internal circuits we preemptively
- build from 2 to 3 so they are available when a client connects to
- another onion service. Fixes bug 13239; bugfix on 0.1.0.1-rc.
+ build from 2 to 3, so a circuit is available when a client
+ connects to another onion service. Fixes bug 13239; bugfix
+ on 0.1.0.1-rc.
o Minor bugfixes (logging):
- When logging a directory ownership mismatch, log the owning
@@ -241,8 +256,8 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
in the counter. Now, if the number of messages hits a maximum, the
rate-limiter doesn't count any further. Fixes bug 19435; bugfix
on 0.2.4.11-alpha.
- - Fix a typo in the getting passphrase prompt for the ed25519
- identity key. Fixes bug 19503; bugfix on 0.2.7.2-alpha.
+ - Fix a typo in the passphrase prompt for the ed25519 identity key.
+ Fixes bug 19503; bugfix on 0.2.7.2-alpha.
o Code simplification and refactoring:
- Remove redundant declarations of the MIN macro. Closes
More information about the tor-commits
mailing list