[tor-commits] [tor/master] Lightly edit the changelog
nickm at torproject.org
nickm at torproject.org
Fri Sep 23 17:30:33 UTC 2016
commit 43b9db7bde759fd5cdb575c990b098a0ea8b48c0
Author: Nick Mathewson <nickm at torproject.org>
Date: Fri Sep 23 13:29:53 2016 -0400
Lightly edit the changelog
---
ChangeLog | 84 ++++++++++++++++++++++++++++++++-------------------------------
1 file changed, 43 insertions(+), 41 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f165880..47e1f1b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,22 +22,17 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
this one.
o Major features (circuit building, security):
- - Authorities, relays and clients specifically check that each
- descriptor has an ntor key.
- - Circuit-building code assumes that all hops can use ntor, except
- for rare hidden service protocol cases.
- - Client code never chooses nodes without ntor keys: they will not
- be selected during circuit-building, or as guards, or as directory
- mirrors, or as introduction or rendezvous points.
- - Clients avoid downloading a descriptor if the relay version is too
- old to support ntor.
+ - Authorities, relays and clients now require ntor keys in all
+ descriptors, for all hops (except for rare hidden service protocol
+ cases), for all circuits, and for all other roles. Part of
+ ticket 19163.
- Tor authorities, relays, and clients only use ntor, except for
- rare cases in the hidden service protocol.
+ rare cases in the hidden service protocol. Part of ticket 19163.
- o Major features (onion services):
+ o Major features (single-hop "hidden" services):
- Add experimental HiddenServiceSingleHopMode and
HiddenServiceNonAnonymousMode options. When both are set to 1,
- every hidden service on a tor instance becomes a non-anonymous
+ every hidden service on a Tor instance becomes a non-anonymous
Single Onion Service. Single Onions make one-hop (direct)
connections to their introduction and renzedvous points. One-hop
circuits make Single Onion servers easily locatable, but clients
@@ -47,15 +42,16 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
proposal 260, completes ticket 17178. Patch by teor and asn.
o Major features (resource management):
- - Tor now includes support for noticing when we are about to run out
- of sockets, and preemptively closing connections of lower
+ - Tor can now notice it is about to run out
+ of sockets, and preemptively close connections of lower
priority. (This feature is off by default for now, since the
- current prioritizing method is not mature enough yet. You can
- enable it by setting "DisableOOSCheck 0".) Closes ticket 18640.
+ current prioritizing method is yet not mature enough. You can
+ enable it by setting "DisableOOSCheck 0", but watch out: it might close
+ some sockets you would rather have it keep.) Closes ticket 18640.
o Major bugfixes (circuit building):
- Hidden service client-to-intro-point and service-to-rendezvous-
- point cicruitss use the TAP key supplied by the protocol, to avoid
+ point cicruits use the TAP key supplied by the protocol, to avoid
epistemic attacks. Fixes bug 19163; bugfix on 0.2.4.18-rc.
o Major bugfixes (compilation, OpenBSD):
@@ -64,20 +60,20 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
rubiate. Fixes bug 19902; bugfix on 0.2.9.1-alpha.
o Major bugfixes (hidden services):
- - Clients require hidden services to include the TAP keys for their
+ - Clients now require hidden services to include the TAP keys for their
intro points in the hidden service descriptor. This prevents an
inadvertent upgrade to ntor, which a malicious hidden service
- could use to discover which consensus a client has. Fixes bug
+ could use to distinguish clients by consensus version. Fixes bug
20012; bugfix on 0.2.4.8-alpha. Patch by teor.
o Minor features (security, TLS):
- - Servers no longer support clients that do not provide AES
+ - Servers no longer support clients that without AES
ciphersuites. (3DES is no longer considered an acceptable cipher.)
- We believe that no such clients currently exist, since we have
+ We believe that no such Tor clients currently exist, since Tor has
required OpenSSL 0.9.7 or later since 2009. Closes ticket 19998.
o Minor feature (fallback directories):
- - Remove broken fallbacks from the hard-coded fallback directory
+ - Remove broken entries from the hard-coded fallback directory
list. Closes ticket 20190; patch by teor.
o Minor features (geoip, also in 0.2.8.8):
@@ -85,7 +81,9 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
Country database.
o Minor feature (port flags):
- - Add *Port flags NoDNSRequest and NoOnionTraffic, and the synthetic
+ - Add new flags to the *Port options to finer control over which
+ requests are allowed. The flags are NoDNSRequest, NoOnionTraffic, and
+ the synthetic
flag OnionTrafficOnly, which is equivalent to NoDNSRequest,
NoIPv4Traffic, and NoIPv6Traffic. Closes enhancement 18693; patch
by "teor".
@@ -96,13 +94,15 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
ticket 20002; implements part of proposal 272.
o Minor features (testing):
- - Disable memory protections on OpenBSD when testing memwipe(). The
- test deliberately invokes undefined behaviour which the protections
- interfere with. Patch from "rubiate". Closes ticket 20066.
+ - Disable memory protections on OpenBSD when performing our unit tests
+ for memwipe(). The
+ test deliberately invokes undefined behavior, and the OpenBSD
+ protections interfere with this.
+ Patch from "rubiate". Closes ticket 20066.
o Minor features (testing, ipv6):
- - Add the single-onion and single-onion-ipv6 chutney targets to make
- test-network-all. This requires a recent chutney version with the
+ - Add the single-onion and single-onion-ipv6 chutney targets to "make
+ test-network-all". This requires a recent chutney version with the
single onion network flavours (git c72a652 or later). Closes
ticket 20072; patch by teor.
- Add the hs-ipv6 chutney target to make test-network-all's IPv6
@@ -116,26 +116,28 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
0.2.8.7. Implements feature 20034. Patch by teor.
o Minor features (unit tests):
- - Our link-handshake unit tests now check, that when invalid
+ - We've done significant work to make the unit tests run faster.
+ - Our link-handshake unit tests now check that when invalid
handshakes fail, they fail with the error messages we expected.
- Our unit testing code that captures log messages no longer
prevents them from being written out if the user asked for them
(by passing --debug or --info or or --notice --warn to the "test"
- binary). This change will prevent us from missing unexpected log
+ binary). This change prevents us from missing unexpected log
messages simply because we were looking for others. Related to
ticket 19999.
- The unit tests now log all warning messages with the "BUG" flag.
Previously, they only logged errors by default. This change will
help us make our testing code more correct, and make sure that we
- only hit this code when we mean to. This is preparatory work for
+ only hit this code when we mean to. In the meantime, however, there
+ will be more warnings in the unit test logs than before. This is preparatory work for
ticket 19999.
- The unit tests now treat any failure of a "tor_assert_nonfatal()"
assertion as a test failure.
- - We've done significant work to make the unit tests run faster.
o Minor bug fixes (circuits):
- - Use CircuitBuildTimeout whenever LearnCircuitBuildTimeout is
- disabled. Fixes bug 19678; bugfix on commit 5b0b51ca3 in
+ - Use the CircuitBuildTimeout option whenever LearnCircuitBuildTimeout is
+ disabled. Previously, we would respect the option when a user disabled
+ it, but not when it was disabled because some other option was set. Fixes bug 20073; bugfix on
0.2.4.12-alpha. Patch by teor.
o Minor bugfixes (allocation):
@@ -147,7 +149,7 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
Sometimes, it includes macros that affect the behavior of the
standard headers. Fixes bug 19767; bugfix on 0.2.9.1-alpha (the
first version to use AC_USE_SYSTEM_EXTENSIONS).
- - Fix a syntax error in the IF_BUG_ONCE__() macro in non- GCC-
+ - Fix a syntax error in the IF_BUG_ONCE__() macro in non-GCC-
compatible compilers. Fixes bug 20141; bugfix on 0.2.9.1-alpha.
Patch from Gisle Vanem.
- Stop trying to build with Clang 4.0's -Wthread-safety warnings.
@@ -156,7 +158,7 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
wrappers. Fixes bug 20110; bugfix on 0.2.9.1-alpha.
o Minor bugfixes (directory authority):
- - Die with a useful error when the operator forgets to place the
+ - Die with a more useful error when the operator forgets to place the
authority_signing_key file into the keys directory. This avoids an
uninformative assert & traceback about having an invalid key.
Fixes bug 20065; bugfix on 0.2.0.1-alpha.
@@ -186,7 +188,7 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
- Add permission to run the sched_yield() and sigaltstack() system
calls, in order to support versions of Tor compiled with asan or
ubsan code that use these calls. Now "sandbox 1" and
- "--enable-expensive-hardening" should be compatible. Fixes bug
+ "--enable-expensive-hardening" should be compatible on more systems. Fixes bug
20063; bugfix on 0.2.5.1-alpha.
o Minor bugfixes (logging):
@@ -207,7 +209,7 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
o Minor bugfixes (options):
- Check the consistency of UseEntryGuards and EntryNodes more
- reliably. Fixes bug 20074; bugfix on commit 686aaa5c in tor-
+ reliably. Fixes bug 20074; bugfix on tor-
0.2.4.12-alpha. Patch by teor.
- Stop changing the configured value of UseEntryGuards on
authorities and Tor2web clients. Fixes bug 20074; bugfix on
@@ -220,12 +222,12 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
19678. Patch by teor.
o Minor bugfixes (unit tests):
- - Fix shared random unit test that was failing on big endian
- architecture due to internal representation of a integer copied to
+ - Fix a shared-random unit test that was failing on big endian
+ architectures due to internal representation of a integer copied to
a buffer. The test is changed to take a full 32 bytes of data and
use the output of a python script that make the COMMIT and REVEAL
calculation according to the spec. Fixes bug 19977; bugfix
- on tor-0.2.9.1-alpha.
+ on 0.2.9.1-alpha.
- The tor_tls_server_info_callback unit test no longer crashes when
debug-level logging is turned on. Fixes bug 20041; bugfix
on 0.2.8.1-alpha.
More information about the tor-commits
mailing list