fold in changes for 0.2.4.10-alpha

1 files changed, 137 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index 7c5a490c4..0ed7f56c7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,140 @@
-Changes in version 0.2.4.10-alpha - 2013-0?-??
+Changes in version 0.2.4.10-alpha - 2013-02-04
+  Tor 0.2.4.10-alpha adds defenses at the directory authority level from
+  certain attacks that flood the network with relays; changes the queue
+  for circuit create requests from a sized-based limit to a time-based
+  limit; resumes building with MSVC on Windows; and fixes a wide variety
+  of other issues.
+
+  o Major bugfixes (directory authority):
+    - When computing directory thresholds, ignore any rejected-as-sybil
+      nodes during the computation so that they can't influence Fast,
+      Guard, etc. (We shoud have done this for proposal 109.) Fixes
+      bug 8146.
+    - When marking a node as a likely sybil, reset its uptime metrics
+      to zero, so that it cannot time towards getting marked as Guard,
+      Stable, or HSDir. (We shoud have done this for proposal 109.) Fixes
+      bug 8147.
+
+  o Major bugfixes:
+    - When a TLS write is partially successful but incomplete, remember
+      that the flushed part has been flushed, and notice that bytes were
+      actually written. Reported and fixed pseudonymously. Fixes bug
+      7708; bugfix on Tor 0.1.0.5-rc.
+    - Reject bogus create and relay cells with 0 circuit ID or 0 stream
+      ID: these could be used to create unexpected streams and circuits
+      which would count as "present" to some parts of Tor but "absent"
+      to others, leading to zombie circuits and streams or to a bandwidth
+      denial-of-service. Fixes bug 7889; bugfix on every released version
+      of Tor. Reported by "oftc_must_be_destroyed".
+    - Rename all macros in our local copy of queue.h to begin with "TOR_".
+      This change seems the only good way to permanently prevent conflicts
+      with queue.h on various operating systems. Fixes bug 8107; bugfix
+      on 0.2.4.6-alpha.
+
+  o Major features (relay):
+    - Instead of limiting the number of queued onionskins (aka circuit
+      create requests) to a fixed, hard-to-configure number, we limit
+      the size of the queue based on how many we expect to be able to
+      process in a given amount of time. We estimate the time it will
+      take to process an onionskin based on average processing time
+      of previous onionskins. Closes ticket 7291. You'll never have to
+      configure MaxOnionsPending again.
+
+  o Major features (portability):
+    - Resume building correctly with MSVC and Makefile.nmake. This patch
+      resolves numerous bugs and fixes reported by ultramage, including
+      7305, 7308, 7309, 7310, 7312, 7313, 7315, 7316, and 7669.
+    - Make the ntor and curve25519 code build correctly with MSVC.
+      Fix on 0.2.4.8-alpha.
+
+  o Minor features:
+    - When directory authorities are computing thresholds for flags,
+      never let the threshold for the Fast flag fall below 4096
+      bytes. Also, do not consider nodes with extremely low bandwidths
+      when deciding thresholds for various directory flags. This change
+      should raise our threshold for Fast relays, possibly in turn
+      improving overall network performance; see ticket 1854. Resolves
+      ticket 8145.
+    - The Tor client now ignores sub-domain components of a .onion
+      address. This change makes HTTP "virtual" hosting
+      possible: http://foo.aaaaaaaaaaaaaaaa.onion/ and
+      http://bar.aaaaaaaaaaaaaaaa.onion/ can be two different websites
+      hosted on the same hidden service. Implements proposal 204.
+    - We compute the overhead from passing onionskins back and forth to
+      cpuworkers, and report it when dumping statistics in response to
+      SIGUSR1. Supports ticket 7291.
+
+  o Minor features (path selection):
+    - When deciding whether we have enough descriptors to build circuits,
+      instead of looking at raw relay counts, look at which fraction
+      of (bandwidth-weighted) paths we're able to build. This approach
+      keeps clients from building circuits if their paths are likely to
+      stand out statistically. The default fraction of paths needed is
+      taken from the consensus directory; you can override it with the
+      new PathsNeededToBuildCircuits option. Fixes ticket 5956.
+    - When any country code is listed in ExcludeNodes or ExcludeExitNodes,
+      and we have GeoIP information, also exclude all nodes with unknown
+      countries "??" and "A1". This behavior is controlled by the
+      new GeoIPExcludeUnknown option: you can make such nodes always
+      excluded with "GeoIPExcludeUnknown 1", and disable the feature
+      with "GeoIPExcludeUnknown 0". Setting "GeoIPExcludeUnknown auto"
+      gets you the default behavior. Implements feature 7706.
+    - Path Use Bias: Perform separate accounting for successful circuit
+      use. Keep separate statistics on stream attempt rates versus stream
+      success rates for each guard. Provide configurable thresholds to
+      determine when to emit log messages or disable use of guards that
+      fail too many stream attempts. Resolves ticket 7802.
+
+  o Minor features (log messages):
+    - When learning a fingerprint for a bridge, log its corresponding
+      transport type. Implements ticket 7896.
+    - Improve the log message when "Bug/attack: unexpected sendme cell
+      from client" occurs, to help us track bug 8093.
+
+  o Minor bugfixes:
+    - Remove a couple of extraneous semicolons that were upsetting the
+      cparser library. Patch by Christian Grothoff. Fixes bug 7115;
+      bugfix on 0.2.2.1-alpha.
+    - Remove a source of rounding error during path bias count scaling;
+      don't count cannibalized circuits as used for path bias until we
+      actually try to use them; and fix a circuit_package_relay_cell()
+      warning message about n_chan==NULL. Fixes bug 7802.
+    - Detect nacl when its headers are in a nacl/ subdirectory. Also,
+      actually link against nacl when we're configured to use it. Fixes
+      bug 7972; bugfix on 0.2.4.8-alpha.
+    - Compile correctly with the --disable-curve25519 option. Fixes
+      bug 8153; bugfix on 0.2.4.8-alpha.
+
+  o Build improvements:
+    - Do not report status verbosely from autogen.sh unless the -v flag
+      is specified. Fixes issue 4664. Patch from Onizuka.
+    - Replace all calls to snprintf() outside of src/ext with
+      tor_snprintf(). Also remove the #define to replace snprintf with
+      _snprintf on Windows; they have different semantics, and all of
+      our callers should be using tor_snprintf() anyway. Fixes bug 7304.
+    - Try to detect if we are ever building on a platform where
+      memset(...,0,...) does not set the value of a double to 0.0. Such
+      platforms are permitted by the C standard, though in practice
+      they're pretty rare (since IEEE 754 is nigh-ubiquitous). We don't
+      currently support them, but it's better to detect them and fail
+      than to perform erroneously.
+
+  o Removed features:
+    - Stop exporting estimates of v2 and v3 directory traffic shares
+      in extrainfo documents. They were unneeded and sometimes inaccurate.
+      Also stop exporting any v2 directory request statistics. Resolves
+      ticket 5823.
+    - Drop support for detecting and warning about versions of Libevent
+      before 1.3e. Nothing reasonable ships with them any longer;
+      warning the user about them shouldn't be needed. Resolves ticket
+      6826.
+
+  o Code simplifications and refactoring:
+    - Rename "isin" functions to "contains", for grammar. Resolves
+      ticket 5285.
+    - Rename Tor's logging function log() to tor_log(), to avoid conflicts
+      with the natural logarithm function from the system libm. Resolves
+      ticket 7599.
 
 
 Changes in version 0.2.4.9-alpha - 2013-01-15