sarah
/
tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fold in recent changelog entries

This commit is contained in:
Roger Dingledine 2012-01-22 00:15:45 -05:00
parent 8265a9e5b1
commit 110a953156
22 changed files with 118 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

155
ChangeLog
View File

@ -1,4 +1,4 @@
Changes in version 0.2.3.11-alpha - 2012-01-0?
Changes in version 0.2.3.11-alpha - 2012-01-??
o Major features:
- Now that Tor 0.2.0.x is completely deprecated, enable the final
part of "Proposal 110: Avoiding infinite length circuits" by
@ -32,26 +32,24 @@ Changes in version 0.2.3.11-alpha - 2012-01-0?
to make sure that the bug can't happen.
o Major bugfixes:
- Fix the SOCKET_OK test that we use to tell when socket
creation fails so that it works on Win64. Fixes part of bug 4533;
bugfix on 0.2.2.29-beta. Bug found by wanoskarnet.
- Correct our replacements for the timeradd() and timersub() functions
on platforms that lack them (for example, Windows). The timersub()
function is used when expiring circuits, while timeradd() is
currently unused. Bug report and patch by Vektor. Bugfix on
0.2.2.24-alpha and 0.2.3.1-alpha; fixes bug 4778.
currently unused. Bug report and patch by Vektor. Fixes bug 4778;
bugfix on 0.2.2.24-alpha and 0.2.3.1-alpha.
- Do not use OpenSSL 1.0.0's counter mode: it has a critical bug
that was fixed in OpenSSL 1.0.0a. Fixes bug 4779; bugfix on
Tor 0.2.3.9-alpha. Found by Pascal.
that was fixed in OpenSSL 1.0.0a. We test for the counter mode
bug at runtime, not compile time, because some distributions hack
their OpenSSL to mis-report its version. Fixes bug 4779; bugfix
on 0.2.3.9-alpha. Found by Pascal.
o Minor features:
- Directory servers now reject versions of Tor older than 0.2.1.30,
and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
(inclusive). These versions accounted for only a small fraction of
the Tor network, and have numerous known security issues. Resolves
issue 4788.
o Minor features (controller):
- Use absolute path names when reporting the torrc filename in the
control protocol, so a controller can more easily find the torrc
file. Resolves bug 1101.
- If EntryNodes are given, but UseEntryGuards is set to 0, warn that
EntryNodes will have no effect. Resolves issue 2571.
- Extend the control protocol to report flags that control a circuit's
path selection in CIRC events and in replies to 'GETINFO
circuit-status'. Implements part of ticket 2411.
@ -59,6 +57,44 @@ Changes in version 0.2.3.11-alpha - 2012-01-0?
and current state of a hidden-service-related circuit in CIRC
events and in replies to 'GETINFO circuit-status'. Implements part
of ticket 2411.
- When reporting the path to the cookie file to the controller,
give an absolute path. Resolves ticket 4881.
- Allow controllers to request an event notification whenever a
circuit is cannibalized or its purpose is changed. Implements
part of ticket 3457.
- Include the creation time of a circuit in CIRC and CIRC2
control-port events and the list produced by the 'GETINFO
circuit-status' control-port command.
o Minor features (directory authorities):
- Directory authorities now reject versions of Tor older than
0.2.1.30, and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
inclusive. These versions accounted for only a small fraction of
the Tor network, and have numerous known security issues. Resolves
issue 4788.
- Authority operators can now vote for all routers in a given
country to be BadDir/BadExit/Invali/Rejected.
- Provide two consensus parameters (FastFlagMinThreshold and
FastFlagMaxThreshold) to control the range of allowable bandwidths
for the Fast directory flag. These allow authorities to run
experiments on appropriate requirements for being a "Fast" node.
The AuthDirFastGuarantee config value still applies.
- Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
directory authority option (introduced in Tor 0.2.2.34).
o Minor features (other):
- Don't disable the DirPort when we cannot exceed our AccountingMax
limit during this interval because the effective bandwidthrate is
low enough. This is useful in a situation where AccountMax is only
used as an additional safeguard or to provide statistics.
- Prepend an informative header to generated dynamic_dh_params files.
- If EntryNodes are given, but UseEntryGuards is set to 0, warn that
EntryNodes will have no effect. Resolves issue 2571.
- Log more useful messages when we fail to disable debugger
attachment.
- Log which authority we're missing votes from when we go to fetch
them from the other auths.
- Log (at debug level) whenever a circuit's purpose is changed.
- Update to the January 3 2012 Maxmind GeoLite Country database.
o Minor bugfixes (hidden services):
@ -71,12 +107,12 @@ Changes in version 0.2.3.11-alpha - 2012-01-0?
after the normal CBT. Now, we mark them as 'timed out', and launch
another rendezvous attempt in parallel. This behavior change can
be disabled using the new CloseHSClientCircuitsImmediatelyOnTimeout
option. Bugfix on 0.2.2.2-alpha; fixes part of bug 1297.
option. Fixes part of bug 1297; bugfix on 0.2.2.2-alpha.
- Don't close hidden-service-side rendezvous circuits when they
reach the normal circuit-build timeout. This behaviour change can
be disabled using the new
CloseHSServiceRendCircuitsImmediatelyOnTimeout option. Bugfix on
0.2.2.2-alpha; fixes the remaining part of bug 1297.
CloseHSServiceRendCircuitsImmediatelyOnTimeout option. Fixes the
remaining part of bug 1297; bugfix on 0.2.2.2-alpha.
- Make sure we never mark the wrong rendezvous circuit as having
had its introduction cell acknowleged by the introduction-point
relay. Previously, when we received an INTRODUCE_ACK cell on a
@ -84,15 +120,46 @@ Changes in version 0.2.3.11-alpha - 2012-01-0?
marked a rendezvous circuit other than the one we specified in
the INTRODUCE1 cell as INTRO_ACKED, which would have produced
a warning message and interfered with the hidden service
connection-establishment process. Bugfix on 0.2.3.3-alpha, when we
added the stream-isolation feature which might cause Tor to open
multiple rendezvous circuits for the same hidden service. Fixes
bug 4759.
connection-establishment process. Fixes bug 4759; bugfix on
0.2.3.3-alpha, when we added the stream-isolation feature which
might cause Tor to open multiple rendezvous circuits for the same
hidden service.
- Don't trigger an assertion failure when we mark a new client-side
hidden-service introduction circuit for close during the process
of creating it. Bugfix on 0.2.3.6-alpha. Fixes bug 4796; reported
of creating it. Fixes bug 4796; bugfix on 0.2.3.6-alpha. Reported
by murb.
o Minor bugfixes (log messages):
- Correctly spell "connect" in a log message on failure to create a
controlsocket. Fixes bug 4803; bugfix on 0.2.2.26-beta and
0.2.3.2-alpha.
- Fix a typo in a log message in rend_service_rendezvous_has_opened().
Fixes bug 4856; bugfix on Tor 0.0.6.
- Fix the log message describing how we work around discovering
that our version is the ill-fated OpenSSL 0.9.8l. Fixes bug
4837; bugfix on 0.2.2.9-alpha.
- When logging about a disallowed .exit name, do not also call it
an "invalid onion address". Fixes bug 3325; bugfix on 0.2.2.9-alpha.
o Minor bugfixes (build fixes):
- During configure, search for library containing cos function as
libm lives in libcore on some platforms (BeOS/Haiku). Linking
against libm was hard-coded before. Fixes the first part of bug
4727; bugfix on 0.2.2.2-alpha. Patch and analysis by Martin Hebnes
Pedersen.
- Preprocessor directives should not be put inside the arguments
of a macro. This would break compilation with GCC releases prior
to version 3.3. We would never recommend such an old GCC version,
but it is apparently required for binary compatibility on some
platforms (namely, certain builds of Haiku). Fixes the other part
of bug 4727; bugfix on 0.2.3.3-alpha. Patch and analysis by Martin
Hebnes Pedersen.
- Use an appropriate-width type for sockets in tor-fw-helper on
win64. Fixes bug 1983 at last. Bugfix on 0.2.3.9-alpha.
- Detect attempts to build Tor on (as yet hypothetical) versions
of Windows where sizeof(intptr_t) != sizeof(SOCKET). Partial
fix for bug 4533. Bugfix on 0.2.2.28-beta.
o Minor bugfixes (other):
- Fix null-pointer access that could occur if TLS allocation failed.
Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un". This was
@ -113,23 +180,21 @@ Changes in version 0.2.3.11-alpha - 2012-01-0?
platform specific, and particularly the hurd has ENOENT at
0x40000002. Construct expected string at runtime, using the correct
value for ENOENT. Fixes bug 4733; bugfix on 0.2.3.1-alpha.
- Correctly spell "connect" in a log message on failure to create a
controlsocket. Fixes bug 4803; bugfix on 0.2.2.26-beta and
0.2.3.2-alpha.
- During configure, search for library containing cos function as
libm lives in libcore on some platforms (BeOS/Haiku).
Linking against libm was hard-coded before. Bugfix on
0.2.2.2-alpha; fixes the first part of bug 4727. Patch and
analysis by Martin Hebnes Pedersen.
- Preprocessor directives should not be put inside the arguments
of a macro. This would break compilation with GCC releases prior
to version 3.3. We would never recommend such an old GCC
version, but it is apparently required for binary compatibility
on some platforms (namely, certain builds of Haiku). Bugfix on
0.2.3.3-alpha; fixes the other part of bug 4727. Patch and
analysis by Martin Hebnes Pedersen.
- Fix our implementation of crypto_random_hostname() so it can't
overflow on ridiculously large inputs. (No Tor version has ever
provided this kind of bad inputs, but let's be correct in depth.)
Fixes bug 4413; bugfix on 0.2.2.9-alpha. Fix by Stephen Palmateer.
- Reject attempts to disable DisableDebuggerAttachment while Tor is
running. Fixes bug 4650; bugfix on 0.2.3.9-alpha.
- Find more places in the code that should have been testing for
invalid sockets using the SOCKET_OK macro. Required for a fix
for bug 4533. Bugfix on 0.2.2.28-beta.
- Add missing documentation for the MaxClientCircuitsPending,
UseMicrodescriptors, UserspaceIOCPBuffers, and
_UseFilteringSSLBufferevents options, all introduced during
the 0.2.3.x series.
- Feature removal:
o Feature removal:
- When sending or relaying a RELAY_EARLY cell, we used to convert
it to a RELAY cell if the connection was using the v1 link
protocol. This was a workaround for older versions of Tor, which
@ -145,6 +210,22 @@ Changes in version 0.2.3.11-alpha - 2012-01-0?
- Use OpenSSL's built-in SSL_state_string_long() instead of our
own homebrewed ssl_state_to_string() replacement. Patch from
Emile Snyder. Fixes bug 4653.
- Use macros to indicate OpenSSL versions, so we don't need to worry
about accidental hexadecimal bit shifts.
- Remove some workaround code for OpenSSL 0.9.6 (which is no longer
supported).
- Convert more instances of tor_snprintf+tor_strdup into tor_asprintf.
- Use the smartlist_add_asprintf() alias more consistently.
- Use a TOR_INVALID_SOCKET macro when initializing a socket to an
invalid value, rather than just -1.
- Rename a handful of old identifiers, mostly related to crypto
structures and crypto functions. By convention, our "create an
object" functions are called "type_new()", our "free an object"
functions are called "type_free()", and our types indicate that
they are types only with a final "_t". But a handful of older
types and functions broke these rules, with function names like
"type_create" or "subsystem_op_type", or with type names like
type_env_t.
Changes in version 0.2.3.10-alpha - 2011-12-16

3
changes/absolute_cookie_file
View File

@ -1,3 +0,0 @@
o Minor features (controller):
- When reporting the path to the cookie file to the controller,
give an absolute path. Resolves ticket 4881.

5
changes/aes_ctr_test
View File

@ -1,5 +0,0 @@
o Minor bugfixes
- Test for the OpenSSL 1.0.0 counter mode bug at runtime, not compile
time. This is necessary because OpenSSL has been hacked to mis-report
its version on a few distributions.
Bugfix on Tor 0.2.3.11-alpha.

3
changes/badexitcc
View File

@ -1,3 +0,0 @@
o Minor features (directory authority):
- Authority operators can now vote for all routers in a given
country to be BadDir/BadExit/Invali/Rejected.

3
changes/bug1983_win64
View File

@ -1,3 +0,0 @@
o Minor bugfixes
- Use an appropriate-width type for sockets in tor-fw-helper on
win664. Fixes bug 1983 at last. Bugfix on 0.2.3.9-alpha.

6
changes/bug2434
View File

@ -1,6 +0,0 @@
o Minor features:
- Don't disable the DirPort when we cannot exceed our AccountingMax
limit during this interval because the effective bandwidthrate is
low enough. This is useful in a situation where AccountMax is only
used as an additional safeguard or to provide statistics.

3
changes/bug3325
View File

@ -1,3 +0,0 @@
o Minor bugfixes:
- When logging about a disallowed .exit name, do not also call it
an "invalid onion address". Fixes bug 3325; bugfix on 0.2.2.9-alpha.

8
changes/bug4012
View File

@ -1,8 +0,0 @@
o Minor bugfixes (documentation):
- Add missing documentation for the MaxClientCircuitsPending,
UseMicrodescriptors, UserspaceIOCPBuffers, and
_UseFilteringSSLBufferevents options, all introduced during
the 0.2.3.x series.

3
changes/bug4012_022
View File

@ -1,3 +0,0 @@
o Minor bugfixes (documentation):
- Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
directory authority option (introduced in Tor 0.2.2.34).

5
changes/bug4413
View File

@ -1,5 +0,0 @@
o Minor bugfixes:
- Fix our implementation of crypto_random_hostname() so it can't
overflow on ridiculously large inputs. (No Tor version has ever
provided this kind of bad inputs, but let's be correct in depth.)
Fixes bug 4413; bugfix on 0.2.2.9-alpha. Fix by Stephen Palmateer.

5
changes/bug4533_part2
View File

@ -1,5 +0,0 @@
o Major bugfixes:
- Fix the SOCKET_OK test that we use to tell when socket
creation fails so that it works on Win64. Fixes part of bug
4533; bugfix on 0.2.2.29-beta. Bug found by wanoskarnet.

7
changes/bug4650
View File

@ -1,7 +0,0 @@
o Minor features:
- Log more useful messages when we fail to disable debugger attachment.
o Minor bugfixes:
- Reject attempts to disable DisableDebuggerAttachment while Tor is
running. Fixes bug 4650; bugfix on 0.2.3.9-alpha.

2
changes/bug4746
View File

@ -1,2 +0,0 @@
o Minor features:
- Prepend an informative header to generated dynamic_dh_params files.

4
changes/bug4837
View File

@ -1,4 +0,0 @@
o Minor bugfixes:
- Fix the log message describing how we work around discovering
that our version is the ill-fated OpenSSL 0.9.8l. Fixes bug
4837; bugfix on 0.2.2.9-alpha.

3
changes/bug4856
View File

@ -1,3 +0,0 @@
o Trivial bugfixes
- Fix a typo in a log message in rend_service_rendezvous_has_opened().
Fixes bug 4856; bugfix on Tor 0.0.6.

5
changes/clean_asprintf
View File

@ -1,5 +0,0 @@
o Code simplifications and refactoring
- Use the smartlist_add_asprintf alias more consistently
throughout the codebase.
- Convert more instances of tor_snprintf+tor_strdup into
tor_asprintf.

3
changes/dirauth_log
View File

@ -1,3 +0,0 @@
o Minor features:
- Log which authority we're missing votes from when we go to fetch them
from the other auths.

8
changes/fast_bw_param
View File

@ -1,8 +0,0 @@
o Minor features (directory authority):
- Provide two consensus parameters (FastFlagMinThreshold and
FastFlagMaxThreshold) to control the range of allowable bandwidths for
the Fast directory flag. This allows authorities to run better
experiments on appropriate requirements for being a "Fast" node.
The AuthDirFastGuarantee flag still applies.

12
changes/feature3457
View File

@ -1,12 +0,0 @@
o Minor features:
- Log (at debug level) whenever a circuit's purpose is changed.
- Allow controllers to request an event notification whenever a
circuit is cannibalized or its purpose is changed. Implements
part of ticket 3457.
- Include the creation time of a circuit in CIRC and CIRC2
control-port events and the list produced by the 'GETINFO
circuit-status' control-port command.

6
changes/readable_ssl_versions
View File

@ -1,6 +0,0 @@
o Code simplification and refactoring:
- Use macros to indicate OpenSSL versions, so we don't need to worry
about accidental hexadecimal bit shifts.
- Remove some workaround code for OpenSSL 0.9.6, which is no longer
supported.

9
changes/renaming_identifiers
View File

@ -1,9 +0,0 @@
o Code simplifications and refactorings:
- Rename a handful of old identifiers, mostly related to crypto
structures and crypto functions. By convention, our "create an
object" functions are called "type_new()", our "free an object"
functions are called "type_free()", and our types indicate that
they are types only with a final "_t". But a handful of older
types and functions broke these rules, with function names like
"type_create" or "subsystem_op_type", or with type names like
type_env_t.

11
changes/tor_socket_tests
View File

@ -1,11 +0,0 @@
o Minor bugfixes:
- Find more places in the code that should have been testing for
invalid sockets using the SOCKET_OK macro. Required for a fix
for bug 4533. Bugfix on 0.2.2.28-beta.
- Detect attempts to build Tor on (as yet hypothetical) versions
of Windows where sizeof(intptr_t) != sizeof(SOCKET). Partial
fix for bug 4533. Bugfix on 0.2.2.28-beta.
o Code simplification and refactoring:
- Use a TOR_INVALID_SOCKET macro when initializing a socket to an
invalid value, rather than just -1.