From 42e7eb7017bfa6ff5ae955be3d762915d01fc02c Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 18 Mar 2014 22:29:56 -0400 Subject: Work on the changelog for 0.2.5.3-alpha some more --- ChangeLog | 200 +++++++++++++++++++++++++++++++++----------------------------- 1 file changed, 108 insertions(+), 92 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 427bb84b8..01bd93b94 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,135 +1,152 @@ Changes in version 0.2.5.3-alpha - 2014-03-?? + Tor 0.2.5.3-alpha includes all the fixes from 0.2.4.21. It contains + two new anti-DoS features for Tor nodes, resolves a bug that was + keeping SOCKS5 support for IPv6 from working, fixes several annoying + usability issues for bridge users, and removes more old + code for unused directory formats. + + The Tor 0.2.5.x release series is now in patch-freeze: no feature + patches not already written will be considered for inclusion in + 0.2.5.x. o Major features (server security, DoS-resistance): - - Also consider stream buffer sizes when calculating OOM - conditions. Rename MaxMemInCellQueues to MaxMemInQueues. Fixes + - When we run out of memory and we need to close circuits, also + consider how much memory is allocated in buffers for streams + attached to each circuit. + + This change, which extends an anti-DoS feature introduced in + 0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit nodes + better resist more memory-based DoS attacks than before. Since the + MaxMemInCellQueues option now applies to all queues, not only cell + queues, it is now renamed to MaxMemInQueues. This feature fixes bug 10169. - Avoid hash-flooding denial-of-service attacks by using the secure - SipHash-2-4 hash function for our hashtables. Without this + SipHash-2-4 hash function for our hashtables. Without this feature, an attacker could degrade performance of a targeted client or server by flooding their data structures with a large number of data entries all calculated to be stored at the same - hash table position, thereby degrading hash table - performance. With this feature, hash table positions are derived - from a randomized cryptographic key using SipHash-2-4, and an - attacker cannot predict which entries will collide. - Closes ticket 4900. + hash table position, thereby slowing down hash table operations. + With this feature, hash table positions are derived from a + randomized cryptographic key, and an attacker cannot predict which + entries will collide. Closes ticket 4900. - Decrease the lower limit of MaxMemInQueues to 256 MBytes, to - appease raspberry pi users. Fixes bug 9686. + better support Raspberry Pi users. Fixes bug 9686; bugfix on + 0.2.4.14-alpha. o Minor features (bridges, pluggable transports): - - Bridges write the SHA1 digest of their identity key fingerprint to - notice-level logs and to hashed-fingerprint, so that bridge - operators can look up their bridge in Globe and similar tools. + - Bridges now write the SHA1 digest of their identity key + fingerprint (that is, a hash of a hash of their public key) to + notice-level logs and to a new hashed-fingerprint file. This will + help bridge operatorslook up their bridge in Globe and similar + tools. Resolves ticket 10884. - Improve the message that gets displayed when Tor as a bridge is using pluggable transports but doesn't have an Extended ORPort - listener. Furthermore, we now log the message in the log file - too. Resolves ticket 11043. - - Don't log at warning severity when we refuse to launch a - pluggable transport proxy that we don't need. Resolves ticket + listener. Also, log the message in the log file too. Resolves + ticket 11043. + - Stop giving annoying warning messages when we decide not to launch + a pluggable transport proxy that we don't need. Resolves ticket 5018; bugfix on 0.2.5.2-alpha. o Minor features (other): - - Warn the user if they put any ports in the SocksPolicy, + - Add a new option, PredictedPortsRelevanceTime, to control how long + after having received a request to connect to a given port Tor + will try to keep circuits ready in anticipation of future request + for that port. Patch from "unixninja92"; implements ticket 9176. + - Generate a warning if any ports are listed in the SocksPolicy, DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or - AuthDirBadExit options. Fixes ticket #11108. - - Update geoip and geoip6 to the February 7 2014 Maxmind GeoLite2 Country - database. - - Made PREDICTED_CIRCS_RELEVANCE_TIME configurable from config - file with a new option, PredictedPortsRelevanceTime. Implements - ticket #9176. Patch by unixninja92. + AuthDirBadExit options. (These options only support address + ranges.) Fixes ticket 11108. + - Update geoip and geoip6 to the February 7 2014 Maxmind GeoLite2 + Country database. o Minor bugfixes (new since 0.2.5.2-alpha, also in 0.2.4.21): - Build without warnings under clang 3.4. (We have some macros that define static functions only some of which will get used later in - the module. Starting with clang 3.4, these give a warning unless the - unused attribute is set on them.) Resolves ticket 10904. + the module. Starting with clang 3.4, these give a warning unless + the unused attribute is set on them.) Resolves ticket 10904. - Fix build warnings about missing "a2x" comment when building the manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py". Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch. o Minor bugfixes (unit tests) - Fix a small bug in the unit tests that might have made the tests - call 'chmod' with an uninitialized bitmask. - Fixes bug 10928; bugfix on 0.2.5.1-alpha. Patch from Dana Koch. - - o Minor bugfixes (client): - - Fix IPv6 support when using the SocksPort with SOCKS5. Using IPv6 - through a SOCKS5 using the SocksPort option will now work with - this fix. This part of the code has never been updated to support - IPv6 thus this does not fix a previously introduced regression. - Fixes bug 10987; bugfix on 0.2.4.7-alpha. - - Fix tor so that it raises a control port warning when we fail to - connect to all of our bridges. Fixes bug 11069; bugfix on + call 'chmod' with an uninitialized bitmask. Fixes bug 10928; + bugfix on 0.2.5.1-alpha. Patch from Dana Koch. + + o Minor bugfixes (client): + - Fix connections to IPv6 addresses over SOCKS5; previously, we were + generating incorrect SOCKS5 responses, and confusing client + applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha. + - Raises a control port warning when we fail to connect to all of + our bridges. Previously, we didn't let the controller know, which + would make the bootstrap process stall. Fixes bug 11069; bugfix on tor-0.2.1.2-alpha. - - Fix a bug where we would attempt to connect to bridges before - our pluggable transports were configured, which resulted in some - erroneous log messages. Fixes bug 11156; bugfix on - 0.2.3.2-alpha. - - Exit immediately when exiting because of dropped connection from - a process-owning controller. Previously, if we were running in - server mode, we would wait for a little while as in the when we - got an INT signal--but this was problematic, since there was no - feedback for the user. Controllers that want to do a clean - shutdown should send an INT signal, and let the user know what's - going on. Fix for bug 10449; bugfix on 0.2.2.28-beta. - - Log an improved message when excluding hidden service directory - nodes prevents a hidden service from working. - Improves on our fix for bug #10722, which was a bugfix on - 0.2.0.10-alpha. + - Exit immediately when a process-owning controller exits. + Previously, tor relays would wait for a little while after their + controller exited, as if they had gotten an INT signal-- but this + was problematic, since there was no feedback for the + user. Controllers that want to do a clean shutdown should send an + INT signal to let the user know what's going on. Fix for bug + 10449; bugfix on 0.2.2.28-beta. + - Improve the log message when we can't connect to a hidden service + because we have excluded all of the hidden service directory nodes + hosting its descriptor. Improves on our fix for bug 10722, which + was a bugfix on 0.2.0.10-alpha. + - Fix a bug where we would attempt to connect to bridges before our + pluggable transports were configured, which resulted in some + erroneous log messages. Fixes bug 11156; bugfix on 0.2.3.2-alpha. o Minor bugfixes (servers): - Non-exit servers no longer launch mock DNS requests to check for - DNS hijacking. This has been unnecessary since 0.2.1.7-alpha, - when non-exit servers stopped servicing DNS requests. Fixes bug - 965; bugfix on 0.2.1.7-alpha. Patch from Matt Pagan. + DNS hijacking. This has been unnecessary since 0.2.1.7-alpha, when + non-exit servers stopped servicing DNS requests. Fixes bug 965; + bugfix on 0.2.1.7-alpha. Patch from Matt Pagan. - Avoid crashing on a malformed resolv.conf file when running a server using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23. - - Give the correct URL in the warning message that we present - when the user is trying to run a Tor relay on an ancient version - of Windows. Fixes bug 9393. - - Bridges now never collect statistics that were designed for relays. - Fix for bug 5824; bugfix on 0.2.3.8-alpha. - - Bridges now report complete directory request statistics. Related to - bug 5824; bugfix on 0.2.2.1-alpha. + - Give the correct URL in the warning message that we present when + trying to run a Tor relay on an ancient version of Windows. Fixes + bug 9393. + - Bridges now never collect statistics that were designed for + relays. Fix for bug 5824; bugfix on 0.2.3.8-alpha. + - Bridges now report complete directory request statistics. Related + to bug 5824; bugfix on 0.2.2.1-alpha. o Minor bugfixes (backtrace support): - - Build using the -fasynchronous-unwind-tables option so that more - platforms (in particular, ones like 32-bit Intel where the - -fomit-frame-pointer option is on by default and table - generation is not) will support generating backtraces. This - doesn't yet add Windows support yet; only Linux, OSX, and some BSD - are affected. Reported by 'cypherpunks'; fixes bug 11047; bugfix - on 0.2.5.2-alpha. - - Avoid strange behavior if two threads hit failed asswertions - at the same time and both try to log backtraces at - once. (Previously, if this had happened, both threads would - have stored their intermediate results in the same buffer, and - generated junk outputs.) Reported by "cypherpunks". Fixes bug - 11048; bugfix on 0.2.5.2-alpha. - - Fix a 64-to-32-conversion warning in format_number_sigsafe(). - Bugfix on 0.2.5.2-alpha; patch from Nick Hopper. + - Support automatic backtraces on more platforms by using the + -fasynchronous-unwind-tables compiler option. This option is + needed for platforms like 32-bit Intel where -fomit-frame-pointer + is on by default and table generation is not. This doesn't yet + add Windows support yet; only Linux, OSX, and some BSD are + affected. Reported by 'cypherpunks'; fixes bug 11047; bugfix on + 0.2.5.2-alpha. + - Avoid strange behavior if two threads hit failed assertions at the + same time and both try to log backtraces at once. (Previously, if + this had happened, both threads would have stored their + intermediate results in the same buffer, and generated junk + outputs.) Reported by "cypherpunks". Fixes bug 11048; bugfix on + 0.2.5.2-alpha. + - Fix a 64-to-32-conversion compiler warning in + format_number_sigsafe(). Bugfix on 0.2.5.2-alpha; patch from Nick + Hopper. o Removed code: - - Remove all code for hidden service authorities to accept and serve - version 0 descriptors and left-over code for hidden services and - hidden service clients to upload and fetch version 0 descriptors. - Version 0 descriptors are not in use anymore since 0.2.2.1-alpha. - Fixes the rest of bug 10841. + - Remove all remaining code related to version-0 hidden service + descriptors: they have not been in use since 0.2.2.1-alpha. Fixes + the rest of bug 10841. o Documentation: - Explain that SocksPolicy, DirPolicy, and their allies don't take - port arguments. Fixes ticket #11108. + port arguments. Fixes ticket 11108. - Fix the max client name length in the manpage's description of - HiddenServiceAuthorizeClient description: it should have been - 16, not 19. Fixes bug 11118; bugfix on 0.2.1.6-alpha. + HiddenServiceAuthorizeClient description: it should have been 16, + not 19. Fixes bug 11118; bugfix on 0.2.1.6-alpha. - Document in the manpage that "KBytes" may also be written as "kilobytes" or "KB", that "Kbits" may also be written as - "kilobits", and so forth. Closes ticket #9222. + "kilobits", and so forth. Closes ticket 9222. - Fix a comment about the rend_server_descriptor_t.protocols field - to more accurately describe its range. Also, make that - field unsigned, to more accurately reflect its usage. - Fixes bug 9099; bugfix on 0.2.1.5-alpha. + to more accurately describe its range. Also, make that field + unsigned, to more accurately reflect its usage. Fixes bug 9099; + bugfix on 0.2.1.5-alpha. o Code simplifications and refactoring: - Get rid of router->address, since in all cases it was just the @@ -137,10 +154,9 @@ Changes in version 0.2.5.3-alpha - 2014-03-?? o Test infrastructure: - Update to the latest version of tinytest. - - Improve the tinytest implementation of string operation tests - so that comparisons NULL strings no longer crash the tests; - they now just fail, normally. Fixes bug 9004; bugfix on - 0.2.2.4-alpha. + - Improve the tinytest implementation of string operation tests so + that comparisons NULL strings no longer crash the tests; they now + just fail, normally. Fixes bug 9004; bugfix on 0.2.2.4-alpha. Changes in version 0.2.4.21 - 2014-02-28 -- cgit v1.2.3