reformat 0.2.7.1-alpha changelog
This commit is contained in:
Nick Mathewson
parent
ef7ef4abb4
commit
411049d0d4
251
ChangeLog
251
ChangeLog
|
|
@ -1,67 +1,94 @@
|
|||
Changes in version 0.2.7.1-alpha - 2015-05-??
|
||||
Tor 0.2.7.1-alpha is the first alpha release in its series.
|
||||
|
||||
o New system requirements:
|
||||
- Tor no longer includes workarounds for Libevent versions before
|
||||
1.3e. Libevent 2.0 or later is recommended. Closes ticket 15248.
|
||||
|
||||
o Major features (controller):
|
||||
- Add the ADD_ONION and DEL_ONION commands that allows the creation
|
||||
and management of hidden services via the controller. Closes
|
||||
ticket 6411.
|
||||
- New "GETINFO onions/current" and "GETINFO onions/detached" to get
|
||||
information about hidden services created via the controller.
|
||||
Part of ticket 6411.
|
||||
- New HSFETCH command to launch a request for a hidden service descriptor.
|
||||
Closes ticket 14847.
|
||||
information about hidden services created via the controller. Part
|
||||
of ticket 6411.
|
||||
- New HSFETCH command to launch a request for a hidden service
|
||||
descriptor. Closes ticket 14847.
|
||||
|
||||
o Major bugfixes (hidden services):
|
||||
- Revert commit that made directory authority assign the HSDir flag to
|
||||
relay without a DirPort which is bad because relay can't handle
|
||||
- Revert commit that made directory authority assign the HSDir flag
|
||||
to relay without a DirPort which is bad because relay can't handle
|
||||
BEGIN_DIR cells. Fixes bug 15850; bugfix on tor-0.2.6.3-alpha.
|
||||
|
||||
o Minor features (HS popularity countermeasure):
|
||||
- To avoid leaking HS popularity, don't cycle the introduction point
|
||||
when we've handled a fixed number of INTRODUCE2 cells but instead
|
||||
cycle it when a random value of introductions is reached thus making
|
||||
it more difficult for an attacker to find out the amount of clients
|
||||
that has passed through the introduction point for a specific HS.
|
||||
Closes ticket 15745.
|
||||
o Minor features (clock-jump tolerance):
|
||||
- Recover better when our clock jumps back many hours, like might
|
||||
happen for Tails or Whonix users who start with a very wrong
|
||||
hardware clock, use Tor to discover a more accurate time, and then
|
||||
fix their clock. Resolves part of ticket 8766. [I'd call this a
|
||||
major feature if it actually fixed all of the issues.]
|
||||
|
||||
o Minor features (command-line interface):
|
||||
- Make --hash-password imply --hush to prevent unnecessary noise. Closes
|
||||
ticket 15542.
|
||||
- Make --hash-password imply --hush to prevent unnecessary noise.
|
||||
Closes ticket 15542.
|
||||
- Print a warning whenever we find a relative file path being used
|
||||
as torrc option. Resolves issue 14018.
|
||||
- The "--hash-password" option now implies "--hush" to avoid
|
||||
needless noise. Closes ticket 15542. Patch from "cypherpunks".
|
||||
|
||||
o Minor features (controller)
|
||||
- Controllers can now use GETINFO hs/client/desc/id/... to
|
||||
retrieve items from the client's hidden service descriptor
|
||||
cache. Closes ticket 14845.
|
||||
o Minor features (controller):
|
||||
- Controllers can now use GETINFO hs/client/desc/id/... to retrieve
|
||||
items from the client's hidden service descriptor cache. Closes
|
||||
ticket 14845.
|
||||
|
||||
o Minor features (controller):
|
||||
- Add DirAuthority lines for default directory authorities to output
|
||||
of the GETINFO config/defaults controller command if not already
|
||||
present. Implements ticket 14840.
|
||||
- Implement a new controller command "status/fresh-relay-descs" to
|
||||
fetch a descriptor/extrainfo pair that was generated on demand
|
||||
just for the controller's use. Implements ticket 14784.
|
||||
|
||||
o Minor features (DoS-resistance):
|
||||
- Make it harder for attackers to overwhelm hidden services with
|
||||
introductions, by blocking multiple introduction requests on the
|
||||
same circuit. Resolves ticket 15515.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
|
||||
- Update geoip6 to the April 8 2015 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor features (HS popularity countermeasure):
|
||||
- To avoid leaking HS popularity, don't cycle the introduction point
|
||||
when we've handled a fixed number of INTRODUCE2 cells but instead
|
||||
cycle it when a random value of introductions is reached thus
|
||||
making it more difficult for an attacker to find out the amount of
|
||||
clients that has passed through the introduction point for a
|
||||
specific HS. Closes ticket 15745.
|
||||
|
||||
o Minor features (logging):
|
||||
- Include the Tor version in all LD_BUG log messages, since people
|
||||
tend to cut and paste those into the bugtracker. Implements
|
||||
ticket 15026.
|
||||
|
||||
o Minor features (pluggable transports):
|
||||
- When launching managed pluggable transports, setup a valid open stdin
|
||||
in the child process that can be used to detect if tor has terminated.
|
||||
The "TOR_PT_EXIT_ON_STDIN_CLOSE" enviornment variable can be used by
|
||||
implementations to detect this new behavior. Resolves ticket 15435.
|
||||
- When launching managed pluggable transports, setup a valid open
|
||||
stdin in the child process that can be used to detect if tor has
|
||||
terminated. The "TOR_PT_EXIT_ON_STDIN_CLOSE" enviornment variable
|
||||
can be used by implementations to detect this new behavior.
|
||||
Resolves ticket 15435.
|
||||
- When launching managed pluggable transports on linux systems,
|
||||
attempt to have the kernel deliver a SIGTERM on tor exit if
|
||||
the pluggable transport process is still running. Resolves
|
||||
attempt to have the kernel deliver a SIGTERM on tor exit if the
|
||||
pluggable transport process is still running. Resolves
|
||||
ticket 15471.
|
||||
|
||||
|
||||
o Minor features (testing):
|
||||
- Add make rule `check-changes` to verify the format of changes files.
|
||||
Closes ticket 15180.
|
||||
- Add unit tests for control_event_is_interesting().
|
||||
Add a compile-time check that the number of events doesn't exceed
|
||||
the capacity of control_event_t.event_mask.
|
||||
Closes ticket 15431, checks for bugs similar to 13085.
|
||||
Patch by "teor".
|
||||
- Add make rule `check-changes` to verify the format of changes
|
||||
files. Closes ticket 15180.
|
||||
- Add unit tests for control_event_is_interesting(). Add a compile-
|
||||
time check that the number of events doesn't exceed the capacity
|
||||
of control_event_t.event_mask. Closes ticket 15431, checks for
|
||||
bugs similar to 13085. Patch by "teor".
|
||||
- Commandline argument tests moved to Stem. Resolves ticket 14806.
|
||||
- Integrate the ntor, backtrace and zero lengths keys tests into the
|
||||
automake test suite. Closes ticket 15344.
|
||||
|
|
@ -73,60 +100,35 @@ Changes in version 0.2.7.1-alpha - 2015-05-??
|
|||
- Add a test to verify that the compiler does not eliminate our
|
||||
memwipe() implementation. Closes ticket 15377.
|
||||
|
||||
o Minor features (controller):
|
||||
- Add DirAuthority lines for default directory authorities to output
|
||||
of the GETINFO config/defaults controller command if not already
|
||||
present. Implements ticket 14840.
|
||||
- Implement a new controller command "status/fresh-relay-descs" to
|
||||
fetch a descriptor/extrainfo pair that was generated on demand
|
||||
just for the controller's use. Implements ticket 14784.
|
||||
|
||||
o Minor features (command-line interface):
|
||||
- Print a warning whenever we find a relative
|
||||
file path being used as torrc option. Resolves issue 14018.
|
||||
- The "--hash-password" option now implies "--hush" to avoid needless
|
||||
noise. Closes ticket 15542. Patch from "cypherpunks".
|
||||
|
||||
o Minor features (clock-jump tolerance):
|
||||
- Recover better when our clock jumps back many hours, like might
|
||||
happen for Tails or Whonix users who start with a very wrong
|
||||
hardware clock, use Tor to discover a more accurate time, and then
|
||||
fix their clock. Resolves part of ticket 8766.
|
||||
[I'd call this a major feature if it actually fixed all of the issues.]
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
|
||||
- Update geoip6 to the April 8 2015 Maxmind GeoLite2 Country database.
|
||||
|
||||
o Minor bugfixes (statistics):
|
||||
- Disregard the ConnDirectionStatistics torrc options when Tor is
|
||||
not a relay since in that mode of operation no sensible data is
|
||||
being collected and because Tor might run into measurement hiccups
|
||||
when running as a client for some time, then becoming a relay. Fixes
|
||||
bug 15604; bugfix on 0.2.2.35.
|
||||
|
||||
o Minor bugfixes (build):
|
||||
- Improve out-of-tree builds by making non-standard rules work and clean up
|
||||
additional files and directories. Fixes bug 15053; bugfix on
|
||||
0.2.7.0-alpha.
|
||||
- Improve out-of-tree builds by making non-standard rules work and
|
||||
clean up additional files and directories. Fixes bug 15053; bugfix
|
||||
on 0.2.7.0-alpha.
|
||||
|
||||
o Minor bugfixes (command-line interface):
|
||||
- When "--quiet" is provided along with "--validate-config", do not
|
||||
write anything to stdout on success. Fixes bug 14994; bugfix on
|
||||
0.2.3.3-alpha.
|
||||
write anything to stdout on success. Fixes bug 14994; bugfix
|
||||
on 0.2.3.3-alpha.
|
||||
- When complaining about bad arguments to "--dump-config", use
|
||||
stderr, not stdout.
|
||||
|
||||
o Minor bugfixes (configuration, unit tests):
|
||||
- Only add the default fallback directories when the DirAuthorities,
|
||||
AlternateDirAuthority, and FallbackDir directory config options
|
||||
are set to their defaults.
|
||||
The default fallback directory list is currently empty, this fix
|
||||
will only change tor's behaviour when it has default fallback
|
||||
directories.
|
||||
Includes unit tests for consider_adding_dir_servers().
|
||||
Fixes bug 15642; bugfix on 90f6071d8dc0 in 0.2.4.7-alpha.
|
||||
Patch by "teor".
|
||||
are set to their defaults. The default fallback directory list is
|
||||
currently empty, this fix will only change tor's behaviour when it
|
||||
has default fallback directories. Includes unit tests for
|
||||
consider_adding_dir_servers(). Fixes bug 15642; bugfix on
|
||||
90f6071d8dc0 in 0.2.4.7-alpha. Patch by "teor".
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Remove side-effects from tor_assert() calls. This was harmless,
|
||||
because we never disable assertions, but it is bad style and
|
||||
unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36,
|
||||
and 0.2.0.10.
|
||||
- For correctness, avoid modifying a constant string in
|
||||
handle_control_postdescriptor. Fixes bug 15546; bugfix
|
||||
on 0.1.1.16-rc.
|
||||
|
||||
o Minor bugfixes (hidden service):
|
||||
- Remove an extraneous newline character from the end of hidden
|
||||
|
|
@ -135,61 +137,55 @@ Changes in version 0.2.7.1-alpha - 2015-05-??
|
|||
o Minor bugfixes (interface):
|
||||
- Print usage information for --dump-config when it is used without
|
||||
an argument. Also, fix the error message to use different wording
|
||||
and add newline at the end. Fixes bug 15541; bugfix on 0.2.5.1-alpha.
|
||||
and add newline at the end. Fixes bug 15541; bugfix
|
||||
on 0.2.5.1-alpha.
|
||||
|
||||
o Minor bugfixes (logs):
|
||||
- When building Tor under Clang, do not include an extra set of
|
||||
parentheses in log messages that include function names.
|
||||
Fixes bug 15269; bugfix on every released version of Tor when
|
||||
compiled with recent enough Clang.
|
||||
|
||||
o Minor bugfixes (test networks)
|
||||
- When self-testing reachability, use ExtendAllowPrivateAddresses
|
||||
to determine if local/private addresses imply reachability.
|
||||
The previous fix used TestingTorNetwork, which implies
|
||||
ExtendAllowPrivateAddresses, but this excluded rare configs where
|
||||
ExtendAllowPrivateAddresses is set but TestingTorNetwork is not.
|
||||
Fixes bug 15771; bugfix on 0.2.6.1-alpha.
|
||||
Patch by "teor", issue discovered by CJ Ess.
|
||||
|
||||
o Minor bugfixes (testing):
|
||||
- Set the severity correctly when testing get_interface_addresses_ifaddrs()
|
||||
and get_interface_addresses_win32(), so that the tests fail gracefully
|
||||
instead of triggering an assertion. Fixes bug 15759; bugfix on
|
||||
0.2.6.3-alpha. Reported by Nicolas Derive.
|
||||
- Check for matching value in server response in ntor_ref.py.
|
||||
Fixes bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed
|
||||
by "joelanders".
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Remove side-effects from tor_assert() calls. This was harmless,
|
||||
because we never disable assertions, but it is bad style and
|
||||
unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36, and
|
||||
0.2.0.10.
|
||||
- For correctness, avoid modifying a constant string in
|
||||
handle_control_postdescriptor. Fixes bug 15546; bugfix on
|
||||
0.1.1.16-rc.
|
||||
parentheses in log messages that include function names. Fixes bug
|
||||
15269; bugfix on every released version of Tor when compiled with
|
||||
recent enough Clang.
|
||||
|
||||
o Minor bugfixes (network):
|
||||
- When attempting to use fallback technique for network interface
|
||||
lookup, disregard loopback and multicast addresses since they are
|
||||
unsuitable for public communications.
|
||||
|
||||
o Minor bugfixes (statistics):
|
||||
- Disregard the ConnDirectionStatistics torrc options when Tor is
|
||||
not a relay since in that mode of operation no sensible data is
|
||||
being collected and because Tor might run into measurement hiccups
|
||||
when running as a client for some time, then becoming a relay.
|
||||
Fixes bug 15604; bugfix on 0.2.2.35.
|
||||
|
||||
o Minor bugfixes (test networks):
|
||||
- When self-testing reachability, use ExtendAllowPrivateAddresses to
|
||||
determine if local/private addresses imply reachability. The
|
||||
previous fix used TestingTorNetwork, which implies
|
||||
ExtendAllowPrivateAddresses, but this excluded rare configs where
|
||||
ExtendAllowPrivateAddresses is set but TestingTorNetwork is not.
|
||||
Fixes bug 15771; bugfix on 0.2.6.1-alpha. Patch by "teor", issue
|
||||
discovered by CJ Ess.
|
||||
|
||||
o Minor bugfixes (testing):
|
||||
- Set the severity correctly when testing
|
||||
get_interface_addresses_ifaddrs() and
|
||||
get_interface_addresses_win32(), so that the tests fail gracefully
|
||||
instead of triggering an assertion. Fixes bug 15759; bugfix on
|
||||
0.2.6.3-alpha. Reported by Nicolas Derive.
|
||||
- Check for matching value in server response in ntor_ref.py. Fixes
|
||||
bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed
|
||||
by "joelanders".
|
||||
|
||||
o Code simplification and refactoring:
|
||||
- Move the hacky fallback code out of get_interface_address6()
|
||||
into separate function and get it covered with unit-tests. Resolves
|
||||
- Move the hacky fallback code out of get_interface_address6() into
|
||||
separate function and get it covered with unit-tests. Resolves
|
||||
ticket 14710.
|
||||
- Refactor hidden service client-side cache lookup to intelligently
|
||||
report its various failure cases, and disentangle failure cases
|
||||
involving a lack of introduction points. Closes ticket 14391.
|
||||
- Use our own Base64 encoder instead of OpenSSL's, to allow more control
|
||||
over the output. Part of ticket 15652.
|
||||
|
||||
o Removed code:
|
||||
- Remove `USE_OPENSSL_BASE64` and the corresponding fallback code and
|
||||
always use the internal Base64 decoder. The internal decoder has been
|
||||
part of tor since tor-0.2.0.10-alpha, and no one should be using the
|
||||
OpenSSL one. Part of ticket 15652.
|
||||
- Use our own Base64 encoder instead of OpenSSL's, to allow more
|
||||
control over the output. Part of ticket 15652.
|
||||
|
||||
o Documentation:
|
||||
- Improve the descriptions of statistics-related torrc options in
|
||||
|
|
@ -201,22 +197,21 @@ Changes in version 0.2.7.1-alpha - 2015-05-??
|
|||
Previously, we had used "router descriptor", "server descriptor",
|
||||
and "relay descriptor" interchangeably. Part of ticket 14987.
|
||||
|
||||
o New system requirements:
|
||||
- Tor no longer includes workarounds for Libevent versions before 1.3e.
|
||||
Libevent 2.0 or later is recommended. Closes ticket 15248.
|
||||
|
||||
o Removed code:
|
||||
- Remove `USE_OPENSSL_BASE64` and the corresponding fallback code
|
||||
and always use the internal Base64 decoder. The internal decoder
|
||||
has been part of tor since tor-0.2.0.10-alpha, and no one should
|
||||
be using the OpenSSL one. Part of ticket 15652.
|
||||
- Remove the 'tor_strclear()' function; use memwipe() instead.
|
||||
Closes ticket 14922.
|
||||
|
||||
o Removed features:
|
||||
- Remove the (seldom-used) DynamicDHGroups feature. For
|
||||
anti-fingerprinting we now recommend pluggable transports; for
|
||||
forward-secrecy in TLS, we now use the P-256 group.
|
||||
Closes ticket 13736.
|
||||
- Remove the (seldom-used) DynamicDHGroups feature. For anti-
|
||||
fingerprinting we now recommend pluggable transports; for forward-
|
||||
secrecy in TLS, we now use the P-256 group. Closes ticket 13736.
|
||||
- Remove the undocumented "--digests" command-line option. It
|
||||
complicated our build process, caused subtle build issues
|
||||
on multiple platforms, and is now redundant since we started
|
||||
complicated our build process, caused subtle build issues on
|
||||
multiple platforms, and is now redundant since we started
|
||||
including git version identifiers. Closes ticket 14742.
|
||||
- Tor no longer contains workarounds for stat files generated by
|
||||
super-old versions of Tor that didn't choose guards sensibly.
|
||||
|
|
|
|||
Loading…
Reference in New Issue