-rw-r--r-- | ChangeLog | 160 |
1 files changed, 69 insertions, 91 deletions
@@ -1,38 +1,40 @@ Changes in version 0.2.5.2 - 2013-01-?? -ALSO IN 0.2.4.18-rc - o Major bugfixes: - - Do not apply connection_consider_empty_read/write_buckets to - non-rate-limited connections. - (This was #9731.) - o Documentation: - - Add anchors to the manpage so we can link to the documentation for - specific options. Resolves ticket 9866. - o Documentation fixes: - - Clarify the usage and risks of ContactInfo. Resolves ticket 9854. + o Major bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.20): + - Do not allow OpenSSL engines to replace the PRNG, even when + HardwareAccel is set. The only default builtin PRNG engine uses + the Intel RDRAND instruction to replace the entire PRNG, and + ignores all attempts to seed it with more entropy. That's + cryptographically stupid: the right response to a new alleged + entropy source is never to discard all previously used entropy + sources. Fixes bug 10402; works around behavior introduced in + OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman" + and "rl1987". + - Fix assertion failure when AutomapHostsOnResolve yields an IPv6 + address. Fixes bug 10465; bugfix on 0.2.4.7-alpha. + - Avoid launching spurious extra circuits when a stream is pending. + This fixes a bug where any circuit that _wasn't_ unusable for new + streams would be treated as if it were, causing extra circuits to + be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha. - o Documentation: - - Replace remaining references to DirServer in man page and - log entries. Resolves ticket 10124. - o Minor bugfixes: - - Fix an assertion failure that would occur when disabling the - ORPort setting on a running Tor process while accounting was - enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha. - o Minor features: - - Improve the circuit queue out-of-memory handler. Previously, when - we ran low on memory, we'd close whichever circuits had the most - queued cells. 
Now, we close those that have the *oldest* queued - cells, on the theory that those are most responsible for us - running low on memory. Based on analysis from a forthcoming paper - by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093. - o Minor bugfixes: - - Correctly log long IPv6 exit policy, instead of truncating them + o Major bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.18-rc): + - No longer stop reading or writing on cpuworker connections when + our rate limiting buckets go empty. Now we should handle circuit + handshake requests more promptly. Resolves bug 9731. + - Stop trying to bootstrap all our directory information from + only our first guard. Discovered while fixing bug 9946; bugfix + on 0.2.4.8-alpha. + + o Minor bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.20): + - Avoid a crash bug when starting with a corrupted microdescriptor + cache file. Fixes bug 10406; bugfix on 0.2.2.6-alpha. + - If we fail to dump a previously cached microdescriptor to disk, avoid + freeing duplicate data later on. Fixes bug 10423; bugfix on + 0.2.4.13-alpha. Spotted by "bobnomnom". + + o Minor bugfixes on 0.2.4.x (new since 0.2.5.1-alpha, also in 0.2.4.18-rc): + - Correctly log long IPv6 exit policies, instead of truncating them or reporting an error. Fixes bug 9596; bugfix on 0.2.4.7-alpha. - o Minor bugfixes: - - Fix a small memory leak on exit. (We weren't freeing directory - authority certificate download statuses.) Fixes bug 9644; bugfix - on 0.2.4.13-alpha. - o Minor bugfixes (performance, fingerprinting): - Our default TLS ecdhe groups were backwards: we meant to be using P224 for relays (for performance win) and P256 for bridges (since it is more common in the wild). Instead we had it backwards. After 
@@ -40,75 +42,51 @@ ALSO IN 0.2.4.18-rc hosts, since its security is probably better, and since P224 is reportedly used quite little in the wild. Found by "skruffy" on IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha. - o Minor bugfixes: - - When closing a channel that has already been open, do not close - pending circuits that were waiting to connect to the same relay. - Fixes bug 9880; bugfix on 0.2.5.1-alpha. Thanks to skruffy for - finding this bug. (Bug was merged to 0.2.4 branch but not released - in any 0.2.4 version) - o Minor bugfixes: - - When examining list of network interfaces to find our address, do - not consider non-running or disabled network interfaces. Fixes bug - 9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister". - o Minor features: - - Generate bootstrapping status update events correctly for fetching - microdescriptors. Fixes bug 9927. - o Minor bugfixes: - - Avoid an off-by-one error when checking buffer boundaries when - formatting the exit status of a pluggable transport helper. - This is probably not an exploitable bug, but better safe than - sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by - Pedro Ribeiro. - o Minor bugfixes: + - Free directory authority certificate download statuses on exit + rather than leaking them. Fixes bug 9644; bugfix on 0.2.4.13-alpha. + + o Minor bugfixes on 0.2.3.x (new since 0.2.5.1-alpha, also in 0.2.4.18-rc): - If the guard we choose first doesn't answer, we would try the second guard, but once we connected to the second guard we would abandon it and retry the first one, slowing down bootstrapping. The fix is to treat all our initially chosen guards as acceptable to use. Fixes bug 9946; bugfix on 0.1.1.11-alpha. + - Fix an assertion failure that would occur when disabling the + ORPort setting on a running Tor process while accounting was + enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha. 
+ - When examining the list of network interfaces to find our address, + do not consider non-running or disabled network interfaces. Fixes + bug 9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister". + - Avoid an off-by-one error when checking buffer boundaries when + formatting the exit status of a pluggable transport helper. + This is probably not an exploitable bug, but better safe than + sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by + Pedro Ribeiro. - o Major bugfixes: - - Stop trying to fetch all our directory information from our first - guard. Discovered while fixing bug 9946; bugfix on 0.2.4.8-alpha. - - o Minor features: - - Update to the October 2 2013 Maxmind GeoLite Country database. -============================== -ALSO IN 0.2.4.19: - - (Nothing, since 0.2.4.19 is the same as 0.2.4.18-rc) - -============================== -ALSO IN 0.2.4.20: - - o Major bugfixes: - - Do not allow OpenSSL engines to replace the PRNG, even when - HardwareAccel is set. The only default builtin PRNG engine uses - the Intel RDRAND instruction to replace the entire PRNG, and - ignores all attempts to seed it with more entropy. That's - cryptographically stupid: the right response to a new alleged - entropy source is never to discard all previously used entropy - sources. Fixes bug 10402; works around behavior introduced in - OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman" - and "rl1987". - - o Minor bugfixes: - - Avoid a crash bug when starting with a corrupted microdescriptor - cache file. Fix for bug 10406; bugfix on 0.2.2.6-alpha. o Minor bugfixes: - - If we fail to dump a previously cached microdescriptor to disk, avoid - freeing duplicate data later on. Fix for bug 10423; bugfix on - 0.2.4.13-alpha. Spotted by "bobnomnom". - o Major bugfixes: - - Avoid launching spurious extra circuits when a stream is pending. 
- This fixes a bug where any circuit that _wasn't_ unusable for new - streams would be treated as if it were, causing extra circuits to - be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha. + - When closing a channel that has already been open, do not close + pending circuits that were waiting to connect to the same relay. + Fixes bug 9880; bugfix on 0.2.5.1-alpha. Thanks to skruffy for + finding this bug. - o Major bugfixes: - - Fix assertion failure when AutomapHostsOnResolve yields an IPv6 - address. Fixes bug 10465; bugfix on 0.2.4.7-alpha. + o Minor features (new since 0.2.5.1-alpha, also in 0.2.4.18-rc): + - Improve the circuit queue out-of-memory handler. Previously, when + we ran low on memory, we'd close whichever circuits had the most + queued cells. Now, we close those that have the *oldest* queued + cells, on the theory that those are most responsible for us + running low on memory. Based on analysis from a forthcoming paper + by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093. + - Generate bootstrapping status update events correctly when fetching + microdescriptors. Fixes bug 9927. + - Update to the October 2 2013 Maxmind GeoLite Country database. -============================== + o Documentation fixes (new since 0.2.5.1-alpha, also in 0.2.4.18-rc): + - Clarify the usage and risks of setting the ContactInfo torrc line + for your relay or bridge. Resolves ticket 9854. + - Add anchors to the manpage so we can link to the html version of + the documentation for specific options. Resolves ticket 9866. + - Replace remaining references to DirServer in man page and + log entries. Resolves ticket 10124. Changes in version 0.2.4.20 - 2013-12-22 |
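Review bot: The release header kept as context at the top of the first hunk, "Changes in version 0.2.5.2 - 2013-01-??", carries a date that predates the entries this hunk files under it: they are marked "also in 0.2.4.20", and the section that closes the diff is "Changes in version 0.2.4.20 - 2013-12-22". While the top of the file is being reorganized, correct the placeholder year (presumably 2014-01-??) in the same change so the entry does not ship with a date earlier than the releases it references.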
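Review bot: In the second hunk the new heading "Minor bugfixes on 0.2.3.x (new since 0.2.5.1-alpha, also in 0.2.4.18-rc)" groups entries described as "bugfix on 0.1.1.11-alpha" (bug 9946) and "bugfix on 0.2.2.18-alpha" (bug 6979), so the label is narrower than its contents; "on 0.2.3.x and earlier" would match what is listed. The bare "o Minor bugfixes:" heading left above the bug 9880 entry is also the only heading without a "(new since ...)" qualifier, and the removed remark that the bug was merged to the 0.2.4 branch but never released there was the only explanation for that. Suggest either keeping that remark or giving the heading a qualifier consistent with the others.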