forward-port the 0.2.4.18-rc changelog
This commit is contained in:
Roger Dingledine
parent
7a2b30fe16
commit
dfc1b62fc5
93
ChangeLog
93
ChangeLog
|
|
@ -1,3 +1,96 @@
|
|||
Changes in version 0.2.4.18-rc - 2013-11-16
|
||||
Tor 0.2.4.18-rc is the fourth release candidate for the Tor 0.2.4.x
|
||||
series. It takes a variety of fixes from the 0.2.5.x branch to improve
|
||||
stability, performance, and better handling of edge cases.
|
||||
|
||||
o Major features:
|
||||
- Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
|
||||
Resolves ticket 6055. (OpenSSL before 1.0.1 didn't have TLS 1.1 or
|
||||
1.2, and OpenSSL from 1.0.1 through 1.0.1d had bugs that prevented
|
||||
renegotiation from working with TLS 1.1 or 1.2, so we had disabled
|
||||
them to solve bug 6033.)
|
||||
|
||||
o Major bugfixes:
|
||||
- No longer stop reading or writing on cpuworker connections when
|
||||
our rate limiting buckets go empty. Now we should handle circuit
|
||||
handshake requests more promptly. Resolves bug 9731.
|
||||
- If we are unable to save a microdescriptor to the journal, do not
|
||||
drop it from memory and then reattempt downloading it. Fixes bug
|
||||
9645; bugfix on 0.2.2.6-alpha.
|
||||
- Stop trying to bootstrap all our directory information from
|
||||
only our first guard. Discovered while fixing bug 9946; bugfix
|
||||
on 0.2.4.8-alpha.
|
||||
- The new channel code sometimes lost track of in-progress circuits,
|
||||
causing long-running clients to stop building new circuits. The
|
||||
fix is to always call circuit_n_chan_done(chan, 0) from
|
||||
channel_closed(). Fixes bug 9776; bugfix on 0.2.4.17-rc.
|
||||
|
||||
o Minor bugfixes (on 0.2.4.x):
|
||||
- Correctly log long IPv6 exit policies, instead of truncating them
|
||||
or reporting an error. Fixes bug 9596; bugfix on 0.2.4.7-alpha.
|
||||
- Our default TLS ecdhe groups were backwards: we meant to be using
|
||||
P224 for relays (for performance win) and P256 for bridges (since
|
||||
it is more common in the wild). Instead we had it backwards. After
|
||||
reconsideration, we decided that the default should be P256 on all
|
||||
hosts, since its security is probably better, and since P224 is
|
||||
reportedly used quite little in the wild. Found by "skruffy" on
|
||||
IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha.
|
||||
- Free directory authority certificate download statuses on exit
|
||||
rather than leaking them. Fixes bug 9644; bugfix on 0.2.4.13-alpha.
|
||||
|
||||
o Minor bugfixes (on 0.2.3.x and earlier):
|
||||
- If the guard we choose first doesn't answer, we would try the
|
||||
second guard, but once we connected to the second guard we would
|
||||
abandon it and retry the first one, slowing down bootstrapping.
|
||||
The fix is to treat all our initially chosen guards as acceptable
|
||||
to use. Fixes bug 9946; bugfix on 0.1.1.11-alpha.
|
||||
- Fix an assertion failure that would occur when disabling the
|
||||
ORPort setting on a running Tor process while accounting was
|
||||
enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha.
|
||||
- When examining the list of network interfaces to find our address,
|
||||
do not consider non-running or disabled network interfaces. Fixes
|
||||
bug 9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister".
|
||||
- Avoid an off-by-one error when checking buffer boundaries when
|
||||
formatting the exit status of a pluggable transport helper.
|
||||
This is probably not an exploitable bug, but better safe than
|
||||
sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by
|
||||
Pedro Ribeiro.
|
||||
|
||||
o Minor features (protecting client timestamps):
|
||||
- Clients no longer send timestamps in their NETINFO cells. These were
|
||||
not used for anything, and they provided one small way for clients
|
||||
to be distinguished from each other as they moved from network to
|
||||
network or behind NAT. Implements part of proposal 222.
|
||||
- Clients now round timestamps in INTRODUCE cells down to the nearest
|
||||
10 minutes. If a new Support022HiddenServices option is set to 0, or
|
||||
if it's set to "auto" and the feature is disabled in the consensus,
|
||||
the timestamp is sent as 0 instead. Implements part of proposal 222.
|
||||
- Stop sending timestamps in AUTHENTICATE cells. This is not such
|
||||
a big deal from a security point of view, but it achieves no actual
|
||||
good purpose, and isn't needed. Implements part of proposal 222.
|
||||
- Reduce down accuracy of timestamps in hidden service descriptors.
|
||||
Implements part of proposal 222.
|
||||
|
||||
o Minor features (other):
|
||||
- Improve the circuit queue out-of-memory handler. Previously, when
|
||||
we ran low on memory, we'd close whichever circuits had the most
|
||||
queued cells. Now, we close those that have the *oldest* queued
|
||||
cells, on the theory that those are most responsible for us
|
||||
running low on memory. Based on analysis from a forthcoming paper
|
||||
by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093.
|
||||
- Generate bootstrapping status update events correctly when fetching
|
||||
microdescriptors. Fixes bug 9927.
|
||||
- Update to the October 2 2013 Maxmind GeoLite Country database.
|
||||
|
||||
o Documentation fixes:
|
||||
- Clarify the usage and risks of setting the ContactInfo torrc line
|
||||
for your relay or bridge. Resolves ticket 9854.
|
||||
- Add anchors to the manpage so we can link to the html version of
|
||||
the documentation for specific options. Resolves ticket 9866.
|
||||
- Replace remaining references to DirServer in man page and
|
||||
log entries. Resolves ticket 10124.
|
||||
|
||||
|
||||
Changes in version 0.2.5.1-alpha - 2013-10-02
|
||||
Tor 0.2.5.1-alpha introduces experimental support for syscall sandboxing
|
||||
on Linux, allows bridges that offer pluggable transports to report usage
|
||||
|
|
|
|||
Loading…
Reference in New Issue