Edit 0.2.5.5-alpha changelog for terseness and grammar.

Nick Mathewson 2014-06-18 11:49:50 -04:00
parent 9329c3828d
commit 565c9d436f
1 changed files with 66 additions and 69 deletions

ChangeLog

@ -1,23 +1,22 @@
Changes in version 0.2.5.5-alpha - 2014-06-1?
Write a blurb here.
Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor
0.2.5.x release series, including a couple of DoS issues, some performance
regressions, and a large number of bugs affecting the Linux
seccomp2 sandbox code, and various other bugfixes. It also adds diagnostic
bugfixes for a few tricky issues that we're trying to track down.
o Major features (security, traffic analysis resistance):
- Increase the base amount of time that a canonical connection (one
that we have made to a known OR) is allowed to stay idle from 3
minutes to 15 minutes. This leaks less information about when
circuits have closed, and avoids unnecessary overhead from
renegotiating connections. Part of a fix for ticket 6799.
- Instead of closing connections after they have been idle for a
fixed interval, randomly add up to 50% to each connection's
maximum timeout. This makes it harder to tell when the last
circuit closed by looking at when a connection closes. Part of a
fix for ticket 6799.
- Base connection idleness tests on the actual time elapsed since
the connection last had circuits, not on the time when we last
added non-padding. This change also makes it harder for an
observer to tell when the last circuit closed by looking at when a
connection closes. Part of a fix for ticket 6799. Incidentally
fixes bug 12023; bugfix on 0.2.5.1-alpha.
- Several major improvements to the algorithm used to decide
when to close TLS connections. Previous versions of Tor closed connections
at a fixed interval after the last time a non-padding cell was sent
over the connection, regardless of the target of the connection. Now,
we randomize the intervals by adding up to 50% of their base value,
we measure the length of time since connection last had at least one
circuit, and we we allow connections to known ORs to remain open a
little longer (15 minutes instead of 3 minutes minimum). These changes
should improve Tor's resistance against some kinds of traffic analysis,
and lower some overhead from needlessly closed connections. Fixes
ticket 6799. Incidentally fixes ticket 12023; bugfix on 0.2.5.1-alpha.
o Major bugfixes (security, OOM, new since 0.2.5.4-alpha, also in 0.2.4.22):
- Fix a memory leak that could occur if a microdescriptor parse
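Review bot: The merged ticket 6799 entry ("Several major improvements to the algorithm ...") has a doubled word in "and we we allow connections to known ORs" and drops an article in "since connection last had at least one circuit"; these should read "and we allow" and "since the connection last had". The same entry now says "Incidentally fixes ticket 12023; bugfix on 0.2.5.1-alpha", where the three entries it replaces said "bug 12023"; since it is followed by "bugfix on", "bug" is the consistent wording. The first sentence of the blurb also ends with "fixes ... and various other bugfixes", which reads as a leftover from an earlier draft.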
@ -25,23 +24,11 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
exhaustion attack by directory servers. Fixes bug 11649; bugfix
on 0.2.2.6-alpha.
o Major bugfixes (relay):
- When uploading to the directory authorities, use a direct dirport
connection if we are a uploading an ordinary, non-anonymous
directory object. Previously, relays would used tunnel connections
under a fairly wide variety of circumstances. Fixes bug 11469;
bugfix on 0.2.4.3-alpha.
- When a circuit accidentally has the same circuit ID for its
forward and reverse direction, correctly detect the direction of
cells using that circuit. Previously, this would have made roughly
one circuit in a million non-functional. Fixes bug 12195; this is
a bugfix on every version of Tor.
o Major bugfixes (security, directory authorities):
- Directory authorities now include a digest of each relay's
identity key as a part of its microdescriptor.
This is a workaround for bug #11743 (reported by "cypherpunks"),
This is a workaround for bug 11743 (reported by "cypherpunks"),
where Tor clients do not support receiving multiple
microdescriptors with the same SHA256 digest in the same
consensus. When clients receive a consensus like this, they only
@ -53,36 +40,49 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
attacker from causing a microdescriptor collision, because the
router's identity is not forgeable.
o Major bugfixes (relay):
- Use a direct dirport connection when uploading non-anonymous descriptors to the directory authorities.
object. Previously, relays would incorrectly use tunnel connections
under a fairly wide variety of circumstances. Fixes bug 11469; bugfix
on 0.2.4.3-alpha.
- When a circuit accidentally has the same circuit ID for its
forward and reverse direction, correctly detect the direction of
cells using that circuit. Previously, this bug made roughly
one circuit in a million non-functional. Fixes bug 12195; this is
a bugfix on every version of Tor.
o Major bugfixes (client, pluggable transports):
- When managing pluggable transports, use OS notification facilities
to learn if they have crashed, and do not attempt to kill any
process that has already exited. Fix for bug 8746; bugfix
to learn if they have crashed, and don't attempt to kill any
process that has already exited. Fixes bug 8746; bugfix
on 0.2.3.6-alpha.
o Minor features (diagnostic):
- When logging a warning because of bug #7164, additionally check
the hash table for consistency (as proposed on ticket #11737).
This may help diagnose bug #7164.
- When logging a warning because of bug 7164, additionally check
the hash table for consistency (as proposed on ticket 11737).
This may help diagnose bug 7164.
- When we log a heartbeat, log how many one-hop circuits we have
that are at least 30 minutes old, and log status information about
a few of them. This is an attempt to track down bug 8387.
- When we encounter an unexpected CR in text that we're trying to
write to a file on Windows, log the name of the file. Should help
- When encountering an unexpected CR while writing text to a
file on Windows, log the name of the file. Should help
diagnosing bug 11233.
- Give more specific warnings when we notice at the client side that
- Give more specific warnings when a client notices that
an onion handshake has failed. Fixes ticket 9635.
- Add significant new logging code to attempt to diagnose bug 12184,
where relays seem to run out of available circuit IDs.
- Improve the diagnostic log message for bug #8387 even further to
- Improve the diagnostic log message for bug 8387 even further to
try to improve our odds of figuring out why one-hop directory
circuits sometimes do not get closed.
o Minor features (security, memory management):
- Add configure options controlling allocator tricks like mempools
and freelists, and turn them off by default; on most platforms
malloc is reasonable enough for this not to be necessary, and a
similar feature in OpenSSL exacerbated Heartbleed. Fixes
bug #11476.
- Memory allocation tricks (mempools and buffer freelists)
are now disabled by default. You can turn them back on with
--enable-mempools and --enable-buf-freelists respectively.
We're disabling these features because malloc performance is good
enough on most platforms, and a
similar feature in OpenSSL exacerbated exploitation of the Heartbleed
attack. Resolves ticket 11476.
o Minor features (security):
- Apply the secure SipHash-2-4 function to the hash table mapping
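Review bot: The rewritten dirport entry under "Major bugfixes (relay)" leaves an orphaned "object." at the start of its second line, a remnant of the old "directory object." wording, and its first line is not wrapped like the rest of the file. Suggest ending the first sentence at "to the directory authorities." and continuing directly with "Previously, relays would incorrectly use tunnel connections", then rewrapping. In the same hunk, "Should help diagnosing bug 11233" would read better as "Should help diagnose bug 11233".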
@ -99,21 +99,22 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
- Update geoip and geoip6 to the June 4 2014 Maxmind GeoLite2
Country database.
o Minor bugfixes (configuration, security, new since 0.2.5.4-alpha, also in 0.2.4.22):
o Minor bugfixes (security, new since 0.2.5.4-alpha, also in 0.2.4.22):
- When running a hidden service, do not allow TunneledDirConns 0;
this will keep the hidden service from running, and also
make it publish its descriptors directly over HTTP. Fixes bug 10849;
bugfix on 0.2.1.1-alpha.
o Minor bugfixes (performance):
- Do not recompute whether we have sufficient information to build
circuits every time we make a successful connection. Previously,
we would forget our cached value for this flag every time we
- Avoid a bug where every successful connection made us recompute the
flag telling us whether we have sufficient information to build
circuits. Previously,
we would forget our cached value
successfully opened a channel (or marked a router as running or
not running for any other reason), regardless of whether we had
previously believed the router to be running. This forced us to
run a fairly expensive update operation with relatively high
frequency. Fixes bug 12170; bugfix on 0.1.2.1-alpha.
run an expensive update operation far too often.
Fixes bug 12170; bugfix on 0.1.2.1-alpha.
- Avoid using tor_memeq() for checking relay cell integrity. This
removes a possible performance bottleneck. Fixes part of bug
12169; bugfix on 0.2.1.31.
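Review bot: The shortened bug 12170 entry under "Minor bugfixes (performance)" no longer parses: "Previously, we would forget our cached value" runs straight into "successfully opened a channel", because the words "for this flag every time we" were dropped along with the old line. Restore them (or rephrase as "whenever we successfully opened a channel") and rewrap the paragraph, since the new lines are now uneven in length.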
@ -135,6 +136,8 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
0.2.4.8-alpha. Patch from "conradev".
- Fix compilation when DNS_CACHE_DEBUG is enabled. Fixes bug 11761;
bugfix on 0.2.3.13-alpha. Found by "cypherpunks".
- Fix compilation with dmalloc. Fixes bug 11605; bugfix
on 0.2.4.10-alpha.
o Minor bugfixes (Directory server):
- When sending a compressed set of descriptors or microdescriptors,
@ -144,17 +147,8 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
finished. This caused problems for decompression tools. Fixes bug
11648; bugfix on 0.1.1.23.
o Minor bugfixes (dmalloc):
- Fix compilation with dmalloc. Fixes bug 11605; bugfix
on 0.2.4.10-alpha.
o Minor bugfixes (documentation):
- Correct the documenation so that it lists the correct directories
for the stats files. (They are in a subdirectory called "stats",
not "status".)
o Minor bugfixes (Linux seccomp sandbox):
- Make the seccomp sandbox code compile with ARM linux. Fixes bug
- Make the seccomp sandbox code compile under ARM linux. Fixes bug
11622; bugfix on 0.2.5.1-alpha.
- Avoid crashing when re-opening listener ports with the seccomp
sandbox active. Fixes bug 12115; bugfix on 0.2.5.1-alpha.
@ -185,9 +179,9 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
- Avoid warnings when running with sandboxing enabled at the same
time as cookie authentication, hidden services or directory
authority voting. Fixes part of 12064; bugfix on 0.2.5.1-alpha.
- Do not allow options which would require us to call exec to be
enabled along with the seccomp2 sandbox: they will inevitably
crash. Fix for bug 12043; bugfix on 0.2.5.1-alpha.
- Do not allow options that require calls to exec to be
enabled alongside the seccomp2 sandbox: they will inevitably
crash. Fixes bug 12043; bugfix on 0.2.5.1-alpha.
- Handle failures in getpwnam()/getpwuid() when running with the
User option set and the Linux syscall sandbox enabled. Fixes bug
11946; bugfix on 0.2.5.1-alpha.
@ -213,7 +207,7 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
- Avoid "Tried to open a socket with DisableNetwork set" warnings
when starting a client with bridges configured and DisableNetwork
set. (Tor launcher starts Tor with DisableNetwork set the first
time.) Fixes bug 10405; bugfix on 0.2.3.9-alpha.
time it runs.) Fixes bug 10405; bugfix on 0.2.3.9-alpha.
o Minor bugfixes (testing):
- The Python parts of the test scripts now work on Python 3 as well
@ -261,15 +255,15 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
v2 link handshake. Fixes bug 12227; bugfix on 0.2.4.8-alpha. Found
by "starlight".
- When rejecting DATA cells for stream_id zero, still count them
against the circuit's deliver window so that we don't get fail to
send a SENDME. Fix for bug 11246; bugfix on 0.2.4.10-alpha.
against the circuit's deliver window so that we don't fail to
send a SENDME. Fixes bug 11246; bugfix on 0.2.4.10-alpha.
o Minor bugfixes (logging):
- Fix a misformatted log message about delayed directory fetches.
Fixes bug 11654; bugfix on 0.2.5.3-alpha.
- Squelch a spurious LD_BUG message "No origin circuit for
successful SOCKS stream" in certain hidden service failure cases;
fixes bug #10616.
fixes bug 10616.
o Distribution:
- Include a tor.service file in contrib/dist for use with systemd.
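Review bot: The LD_BUG entry under "Minor bugfixes (logging)" still ends with "fixes bug 10616." after a semicolon and with no "bugfix on" version, while the neighbouring entries in this hunk were normalised to "Fixes bug N; bugfix on X". If the introducing version is known, add it; otherwise at least make it a separate sentence starting with "Fixes" to match the rest of the section.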
@ -283,14 +277,17 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
directory authority options, remove the documentation for a
V2-directory fetching option that no longer exists. Resolves
ticket 11634.
- Correct the documenation so that it lists the correct directory
for the stats files. (They are in a subdirectory called "stats",
not "status".)
- In the manpage, move more authority-only options into the
directory authority section so that operators of regular directory
caches don't get confused.
o Package cleanup:
- The contrib directory has been sorted and tidy. Before, it was an
- The contrib directory has been sorted and tidied. Before, it was an
unsorted dumping ground for useful and not-so-useful things. Now,
it has been divided based on functionality, and the items which
it is divided based on functionality, and the items which
seemed to be nonfunctional or useless have been removed. Resolves
ticket 8966; based on patches from "rl1987".
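Review bot: The stats-files entry relocated into the documentation section still misspells "documenation"; since this commit is a grammar pass, fix it to "documentation" here. In the "Package cleanup" entry, "the items which seemed to be nonfunctional" would be more consistent with the other edits in this commit as "the items that seemed to be nonfunctional".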