From a94a39ffc14f5516983b6c8f896088b9b6adda59 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 18 Jun 2014 11:51:27 -0400 Subject: Re-wrap the 0.2.5.5-alpha changelog --- ChangeLog | 101 +++++++++++++++++++++++++++++++------------------------------- 1 file changed, 51 insertions(+), 50 deletions(-) diff --git a/ChangeLog b/ChangeLog index a2067249d..503e8904a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,22 +1,24 @@ Changes in version 0.2.5.5-alpha - 2014-06-1? Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor - 0.2.5.x release series, including a couple of DoS issues, some performance - regressions, and a large number of bugs affecting the Linux - seccomp2 sandbox code, and various other bugfixes. It also adds diagnostic - bugfixes for a few tricky issues that we're trying to track down. + 0.2.5.x release series, including a couple of DoS issues, some + performance regressions, and a large number of bugs affecting the + Linux seccomp2 sandbox code, and various other bugfixes. It also adds + diagnostic bugfixes for a few tricky issues that we're trying to + track down. o Major features (security, traffic analysis resistance): - - Several major improvements to the algorithm used to decide - when to close TLS connections. Previous versions of Tor closed connections - at a fixed interval after the last time a non-padding cell was sent - over the connection, regardless of the target of the connection. Now, - we randomize the intervals by adding up to 50% of their base value, - we measure the length of time since connection last had at least one - circuit, and we we allow connections to known ORs to remain open a - little longer (15 minutes instead of 3 minutes minimum). These changes - should improve Tor's resistance against some kinds of traffic analysis, - and lower some overhead from needlessly closed connections. Fixes - ticket 6799. Incidentally fixes ticket 12023; bugfix on 0.2.5.1-alpha. + - Several major improvements to the algorithm used to decide when to + close TLS connections. Previous versions of Tor closed connections + at a fixed interval after the last time a non-padding cell was + sent over the connection, regardless of the target of the + connection. Now, we randomize the intervals by adding up to 50% of + their base value, we measure the length of time since connection + last had at least one circuit, and we we allow connections to + known ORs to remain open a little longer (15 minutes instead of 3 + minutes minimum). These changes should improve Tor's resistance + against some kinds of traffic analysis, and lower some overhead + from needlessly closed connections. Fixes ticket 6799. + Incidentally fixes ticket 12023; bugfix on 0.2.5.1-alpha. o Major bugfixes (security, OOM, new since 0.2.5.4-alpha, also in 0.2.4.22): - Fix a memory leak that could occur if a microdescriptor parse @@ -41,15 +43,16 @@ Changes in version 0.2.5.5-alpha - 2014-06-1? router's identity is not forgeable. o Major bugfixes (relay): - - Use a direct dirport connection when uploading non-anonymous descriptors to the directory authorities. - object. Previously, relays would incorrectly use tunnel connections - under a fairly wide variety of circumstances. Fixes bug 11469; bugfix + - Use a direct dirport connection when uploading non-anonymous + descriptors to the directory authorities. object. Previously, + relays would incorrectly use tunnel connections under a fairly + wide variety of circumstances. Fixes bug 11469; bugfix on 0.2.4.3-alpha. - When a circuit accidentally has the same circuit ID for its forward and reverse direction, correctly detect the direction of - cells using that circuit. Previously, this bug made roughly - one circuit in a million non-functional. Fixes bug 12195; this is - a bugfix on every version of Tor. + cells using that circuit. Previously, this bug made roughly one + circuit in a million non-functional. Fixes bug 12195; this is a + bugfix on every version of Tor. o Major bugfixes (client, pluggable transports): - When managing pluggable transports, use OS notification facilities @@ -58,17 +61,17 @@ Changes in version 0.2.5.5-alpha - 2014-06-1? on 0.2.3.6-alpha. o Minor features (diagnostic): - - When logging a warning because of bug 7164, additionally check - the hash table for consistency (as proposed on ticket 11737). - This may help diagnose bug 7164. + - When logging a warning because of bug 7164, additionally check the + hash table for consistency (as proposed on ticket 11737). This may + help diagnose bug 7164. - When we log a heartbeat, log how many one-hop circuits we have that are at least 30 minutes old, and log status information about a few of them. This is an attempt to track down bug 8387. - - When encountering an unexpected CR while writing text to a - file on Windows, log the name of the file. Should help - diagnosing bug 11233. - - Give more specific warnings when a client notices that - an onion handshake has failed. Fixes ticket 9635. + - When encountering an unexpected CR while writing text to a file on + Windows, log the name of the file. Should help diagnosing + bug 11233. + - Give more specific warnings when a client notices that an onion + handshake has failed. Fixes ticket 9635. - Add significant new logging code to attempt to diagnose bug 12184, where relays seem to run out of available circuit IDs. - Improve the diagnostic log message for bug 8387 even further to @@ -76,13 +79,12 @@ Changes in version 0.2.5.5-alpha - 2014-06-1? circuits sometimes do not get closed. o Minor features (security, memory management): - - Memory allocation tricks (mempools and buffer freelists) - are now disabled by default. You can turn them back on with - --enable-mempools and --enable-buf-freelists respectively. - We're disabling these features because malloc performance is good - enough on most platforms, and a - similar feature in OpenSSL exacerbated exploitation of the Heartbleed - attack. Resolves ticket 11476. + - Memory allocation tricks (mempools and buffer freelists) are now + disabled by default. You can turn them back on with + --enable-mempools and --enable-buf-freelists respectively. We're + disabling these features because malloc performance is good enough + on most platforms, and a similar feature in OpenSSL exacerbated + exploitation of the Heartbleed attack. Resolves ticket 11476. o Minor features (security): - Apply the secure SipHash-2-4 function to the hash table mapping @@ -106,15 +108,14 @@ Changes in version 0.2.5.5-alpha - 2014-06-1? bugfix on 0.2.1.1-alpha. o Minor bugfixes (performance): - - Avoid a bug where every successful connection made us recompute the - flag telling us whether we have sufficient information to build - circuits. Previously, - we would forget our cached value + - Avoid a bug where every successful connection made us recompute + the flag telling us whether we have sufficient information to + build circuits. Previously, we would forget our cached value successfully opened a channel (or marked a router as running or not running for any other reason), regardless of whether we had previously believed the router to be running. This forced us to - run an expensive update operation far too often. - Fixes bug 12170; bugfix on 0.1.2.1-alpha. + run an expensive update operation far too often. Fixes bug 12170; + bugfix on 0.1.2.1-alpha. - Avoid using tor_memeq() for checking relay cell integrity. This removes a possible performance bottleneck. Fixes part of bug 12169; bugfix on 0.2.1.31. @@ -179,9 +180,9 @@ Changes in version 0.2.5.5-alpha - 2014-06-1? - Avoid warnings when running with sandboxing enabled at the same time as cookie authentication, hidden services or directory authority voting. Fixes part of 12064; bugfix on 0.2.5.1-alpha. - - Do not allow options that require calls to exec to be - enabled alongside the seccomp2 sandbox: they will inevitably - crash. Fixes bug 12043; bugfix on 0.2.5.1-alpha. + - Do not allow options that require calls to exec to be enabled + alongside the seccomp2 sandbox: they will inevitably crash. Fixes + bug 12043; bugfix on 0.2.5.1-alpha. - Handle failures in getpwnam()/getpwuid() when running with the User option set and the Linux syscall sandbox enabled. Fixes bug 11946; bugfix on 0.2.5.1-alpha. @@ -255,8 +256,8 @@ Changes in version 0.2.5.5-alpha - 2014-06-1? v2 link handshake. Fixes bug 12227; bugfix on 0.2.4.8-alpha. Found by "starlight". - When rejecting DATA cells for stream_id zero, still count them - against the circuit's deliver window so that we don't fail to - send a SENDME. Fixes bug 11246; bugfix on 0.2.4.10-alpha. + against the circuit's deliver window so that we don't fail to send + a SENDME. Fixes bug 11246; bugfix on 0.2.4.10-alpha. o Minor bugfixes (logging): - Fix a misformatted log message about delayed directory fetches. @@ -285,9 +286,9 @@ Changes in version 0.2.5.5-alpha - 2014-06-1? caches don't get confused. o Package cleanup: - - The contrib directory has been sorted and tidied. Before, it was an - unsorted dumping ground for useful and not-so-useful things. Now, - it is divided based on functionality, and the items which + - The contrib directory has been sorted and tidied. Before, it was + an unsorted dumping ground for useful and not-so-useful things. + Now, it is divided based on functionality, and the items which seemed to be nonfunctional or useless have been removed. Resolves ticket 8966; based on patches from "rl1987". -- cgit v1.2.3