aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2014-06-18 11:49:50 -0400
committerNick Mathewson <nickm@torproject.org>2014-06-18 11:49:50 -0400
commit565c9d436f52467d004c351eacfab5db8c17ac83 (patch)
tree1735a0eabe82649d7d92fd01767a6142be132ffc
parent9329c3828d55a80e3dec5b41afc3ce3778ca7d5b (diff)
downloadtor-565c9d436f52467d004c351eacfab5db8c17ac83.tar
tor-565c9d436f52467d004c351eacfab5db8c17ac83.tar.gz
Edit 0.2.5.5-alpha changelog for terseness and grammar.
-rw-r--r--ChangeLog135
1 files changed, 66 insertions, 69 deletions
diff --git a/ChangeLog b/ChangeLog
index cddd5adbf..a2067249d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,23 +1,22 @@
Changes in version 0.2.5.5-alpha - 2014-06-1?
- Write a blurb here.
+ Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor
+ 0.2.5.x release series, including a couple of DoS issues, some performance
+ regressions, and a large number of bugs affecting the Linux
+ seccomp2 sandbox code, and various other bugfixes. It also adds diagnostic
+ bugfixes for a few tricky issues that we're trying to track down.
o Major features (security, traffic analysis resistance):
- - Increase the base amount of time that a canonical connection (one
- that we have made to a known OR) is allowed to stay idle from 3
- minutes to 15 minutes. This leaks less information about when
- circuits have closed, and avoids unnecessary overhead from
- renegotiating connections. Part of a fix for ticket 6799.
- - Instead of closing connections after they have been idle for a
- fixed interval, randomly add up to 50% to each connection's
- maximum timeout. This makes it harder to tell when the last
- circuit closed by looking at when a connection closes. Part of a
- fix for ticket 6799.
- - Base connection idleness tests on the actual time elapsed since
- the connection last had circuits, not on the time when we last
- added non-padding. This change also makes it harder for an
- observer to tell when the last circuit closed by looking at when a
- connection closes. Part of a fix for ticket 6799. Incidentally
- fixes bug 12023; bugfix on 0.2.5.1-alpha.
+ - Several major improvements to the algorithm used to decide
+ when to close TLS connections. Previous versions of Tor closed connections
+ at a fixed interval after the last time a non-padding cell was sent
+ over the connection, regardless of the target of the connection. Now,
+ we randomize the intervals by adding up to 50% of their base value,
+ we measure the length of time since connection last had at least one
+ circuit, and we we allow connections to known ORs to remain open a
+ little longer (15 minutes instead of 3 minutes minimum). These changes
+ should improve Tor's resistance against some kinds of traffic analysis,
+ and lower some overhead from needlessly closed connections. Fixes
+ ticket 6799. Incidentally fixes ticket 12023; bugfix on 0.2.5.1-alpha.
o Major bugfixes (security, OOM, new since 0.2.5.4-alpha, also in 0.2.4.22):
- Fix a memory leak that could occur if a microdescriptor parse
@@ -25,23 +24,11 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
exhaustion attack by directory servers. Fixes bug 11649; bugfix
on 0.2.2.6-alpha.
- o Major bugfixes (relay):
- - When uploading to the directory authorities, use a direct dirport
- connection if we are a uploading an ordinary, non-anonymous
- directory object. Previously, relays would used tunnel connections
- under a fairly wide variety of circumstances. Fixes bug 11469;
- bugfix on 0.2.4.3-alpha.
- - When a circuit accidentally has the same circuit ID for its
- forward and reverse direction, correctly detect the direction of
- cells using that circuit. Previously, this would have made roughly
- one circuit in a million non-functional. Fixes bug 12195; this is
- a bugfix on every version of Tor.
-
o Major bugfixes (security, directory authorities):
- Directory authorities now include a digest of each relay's
identity key as a part of its microdescriptor.
- This is a workaround for bug #11743 (reported by "cypherpunks"),
+ This is a workaround for bug 11743 (reported by "cypherpunks"),
where Tor clients do not support receiving multiple
microdescriptors with the same SHA256 digest in the same
consensus. When clients receive a consensus like this, they only
@@ -53,36 +40,49 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
attacker from causing a microdescriptor collision, because the
router's identity is not forgeable.
+ o Major bugfixes (relay):
+ - Use a direct dirport connection when uploading non-anonymous descriptors to the directory authorities.
+ object. Previously, relays would incorrectly use tunnel connections
+ under a fairly wide variety of circumstances. Fixes bug 11469; bugfix
+ on 0.2.4.3-alpha.
+ - When a circuit accidentally has the same circuit ID for its
+ forward and reverse direction, correctly detect the direction of
+ cells using that circuit. Previously, this bug made roughly
+ one circuit in a million non-functional. Fixes bug 12195; this is
+ a bugfix on every version of Tor.
+
o Major bugfixes (client, pluggable transports):
- When managing pluggable transports, use OS notification facilities
- to learn if they have crashed, and do not attempt to kill any
- process that has already exited. Fix for bug 8746; bugfix
+ to learn if they have crashed, and don't attempt to kill any
+ process that has already exited. Fixes bug 8746; bugfix
on 0.2.3.6-alpha.
o Minor features (diagnostic):
- - When logging a warning because of bug #7164, additionally check
- the hash table for consistency (as proposed on ticket #11737).
- This may help diagnose bug #7164.
+ - When logging a warning because of bug 7164, additionally check
+ the hash table for consistency (as proposed on ticket 11737).
+ This may help diagnose bug 7164.
- When we log a heartbeat, log how many one-hop circuits we have
that are at least 30 minutes old, and log status information about
a few of them. This is an attempt to track down bug 8387.
- - When we encounter an unexpected CR in text that we're trying to
- write to a file on Windows, log the name of the file. Should help
+ - When encountering an unexpected CR while writing text to a
+ file on Windows, log the name of the file. Should help
diagnosing bug 11233.
- - Give more specific warnings when we notice at the client side that
+ - Give more specific warnings when a client notices that
an onion handshake has failed. Fixes ticket 9635.
- Add significant new logging code to attempt to diagnose bug 12184,
where relays seem to run out of available circuit IDs.
- - Improve the diagnostic log message for bug #8387 even further to
+ - Improve the diagnostic log message for bug 8387 even further to
try to improve our odds of figuring out why one-hop directory
circuits sometimes do not get closed.
o Minor features (security, memory management):
- - Add configure options controlling allocator tricks like mempools
- and freelists, and turn them off by default; on most platforms
- malloc is reasonable enough for this not to be necessary, and a
- similar feature in OpenSSL exacerbated Heartbleed. Fixes
- bug #11476.
+ - Memory allocation tricks (mempools and buffer freelists)
+ are now disabled by default. You can turn them back on with
+ --enable-mempools and --enable-buf-freelists respectively.
+ We're disabling these features because malloc performance is good
+ enough on most platforms, and a
+ similar feature in OpenSSL exacerbated exploitation of the Heartbleed
+ attack. Resolves ticket 11476.
o Minor features (security):
- Apply the secure SipHash-2-4 function to the hash table mapping
@@ -99,21 +99,22 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
- Update geoip and geoip6 to the June 4 2014 Maxmind GeoLite2
Country database.
- o Minor bugfixes (configuration, security, new since 0.2.5.4-alpha, also in 0.2.4.22):
+ o Minor bugfixes (security, new since 0.2.5.4-alpha, also in 0.2.4.22):
- When running a hidden service, do not allow TunneledDirConns 0;
this will keep the hidden service from running, and also
make it publish its descriptors directly over HTTP. Fixes bug 10849;
bugfix on 0.2.1.1-alpha.
o Minor bugfixes (performance):
- - Do not recompute whether we have sufficient information to build
- circuits every time we make a successful connection. Previously,
- we would forget our cached value for this flag every time we
+ - Avoid a bug where every successful connection made us recompute the
+ flag telling us whether we have sufficient information to build
+ circuits. Previously,
+ we would forget our cached value
successfully opened a channel (or marked a router as running or
not running for any other reason), regardless of whether we had
previously believed the router to be running. This forced us to
- run a fairly expensive update operation with relatively high
- frequency. Fixes bug 12170; bugfix on 0.1.2.1-alpha.
+ run an expensive update operation far too often.
+ Fixes bug 12170; bugfix on 0.1.2.1-alpha.
- Avoid using tor_memeq() for checking relay cell integrity. This
removes a possible performance bottleneck. Fixes part of bug
12169; bugfix on 0.2.1.31.
@@ -135,6 +136,8 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
0.2.4.8-alpha. Patch from "conradev".
- Fix compilation when DNS_CACHE_DEBUG is enabled. Fixes bug 11761;
bugfix on 0.2.3.13-alpha. Found by "cypherpunks".
+ - Fix compilation with dmalloc. Fixes bug 11605; bugfix
+ on 0.2.4.10-alpha.
o Minor bugfixes (Directory server):
- When sending a compressed set of descriptors or microdescriptors,
@@ -144,17 +147,8 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
finished. This caused problems for decompression tools. Fixes bug
11648; bugfix on 0.1.1.23.
- o Minor bugfixes (dmalloc):
- - Fix compilation with dmalloc. Fixes bug 11605; bugfix
- on 0.2.4.10-alpha.
-
- o Minor bugfixes (documentation):
- - Correct the documenation so that it lists the correct directories
- for the stats files. (They are in a subdirectory called "stats",
- not "status".)
-
o Minor bugfixes (Linux seccomp sandbox):
- - Make the seccomp sandbox code compile with ARM linux. Fixes bug
+ - Make the seccomp sandbox code compile under ARM linux. Fixes bug
11622; bugfix on 0.2.5.1-alpha.
- Avoid crashing when re-opening listener ports with the seccomp
sandbox active. Fixes bug 12115; bugfix on 0.2.5.1-alpha.
@@ -185,9 +179,9 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
- Avoid warnings when running with sandboxing enabled at the same
time as cookie authentication, hidden services or directory
authority voting. Fixes part of 12064; bugfix on 0.2.5.1-alpha.
- - Do not allow options which would require us to call exec to be
- enabled along with the seccomp2 sandbox: they will inevitably
- crash. Fix for bug 12043; bugfix on 0.2.5.1-alpha.
+ - Do not allow options that require calls to exec to be
+ enabled alongside the seccomp2 sandbox: they will inevitably
+ crash. Fixes bug 12043; bugfix on 0.2.5.1-alpha.
- Handle failures in getpwnam()/getpwuid() when running with the
User option set and the Linux syscall sandbox enabled. Fixes bug
11946; bugfix on 0.2.5.1-alpha.
@@ -213,7 +207,7 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
- Avoid "Tried to open a socket with DisableNetwork set" warnings
when starting a client with bridges configured and DisableNetwork
set. (Tor launcher starts Tor with DisableNetwork set the first
- time.) Fixes bug 10405; bugfix on 0.2.3.9-alpha.
+ time it runs.) Fixes bug 10405; bugfix on 0.2.3.9-alpha.
o Minor bugfixes (testing):
- The Python parts of the test scripts now work on Python 3 as well
@@ -261,15 +255,15 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
v2 link handshake. Fixes bug 12227; bugfix on 0.2.4.8-alpha. Found
by "starlight".
- When rejecting DATA cells for stream_id zero, still count them
- against the circuit's deliver window so that we don't get fail to
- send a SENDME. Fix for bug 11246; bugfix on 0.2.4.10-alpha.
+ against the circuit's deliver window so that we don't fail to
+ send a SENDME. Fixes bug 11246; bugfix on 0.2.4.10-alpha.
o Minor bugfixes (logging):
- Fix a misformatted log message about delayed directory fetches.
Fixes bug 11654; bugfix on 0.2.5.3-alpha.
- Squelch a spurious LD_BUG message "No origin circuit for
successful SOCKS stream" in certain hidden service failure cases;
- fixes bug #10616.
+ fixes bug 10616.
o Distribution:
- Include a tor.service file in contrib/dist for use with systemd.
@@ -283,14 +277,17 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
directory authority options, remove the documentation for a
V2-directory fetching option that no longer exists. Resolves
ticket 11634.
+ - Correct the documenation so that it lists the correct directory
+ for the stats files. (They are in a subdirectory called "stats",
+ not "status".)
- In the manpage, move more authority-only options into the
directory authority section so that operators of regular directory
caches don't get confused.
o Package cleanup:
- - The contrib directory has been sorted and tidy. Before, it was an
+ - The contrib directory has been sorted and tidied. Before, it was an
unsorted dumping ground for useful and not-so-useful things. Now,
- it has been divided based on functionality, and the items which
+ it is divided based on functionality, and the items which
seemed to be nonfunctional or useless have been removed. Resolves
ticket 8966; based on patches from "rl1987".