From d92a01e8202a493a022161539007d5f6f9f8a244 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 29 May 2014 11:30:15 -0400 Subject: Reformat 0255 changelog. Tweak formatter script. --- ChangeLog | 178 +++++++++++++++++++++++++++++++------------------------------- 1 file changed, 90 insertions(+), 88 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 72d5f9742..15ff06566 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,34 +9,34 @@ Changes in version 0.2.5.5-alpha - 2014-06-?? o Major bugfixes (relay): - When uploading to the directory authorities, use a direct dirport - connection if we are a uploading an ordinary, non-anonymous directory - object. Previously, relays would used tunnel connections under a - fairly wide variety of circumstances. Fixes bug 11469; bugfix on - 0.2.4.3-alpha. + connection if we are a uploading an ordinary, non-anonymous + directory object. Previously, relays would used tunnel connections + under a fairly wide variety of circumstances. Fixes bug 11469; + bugfix on 0.2.4.3-alpha. o Major security fixes (directory authorities): - Directory authorities now include a digest of each relay's identity key as a part of its microdescriptor. This is a workaround for bug #11743 (reported by "cypherpunks"), - where Tor clients do not - support receiving multiple microdescriptors with the same SHA256 - digest in the same consensus. When clients receive a consensus - like this, they only use one of the relays. Without this fix, a - hostile relay could selectively disable some client use of target - relays by constucting a router descriptor with a different - identity and the same microdescriptor parameters and getting the - authorities to list it in a microdescriptor consensus. This fix - prevents an attacker from causing a microdescriptor collision, - because the router's identity is not forgeable. + where Tor clients do not support receiving multiple + microdescriptors with the same SHA256 digest in the same + consensus. When clients receive a consensus like this, they only + use one of the relays. Without this fix, a hostile relay could + selectively disable some client use of target relays by + constucting a router descriptor with a different identity and the + same microdescriptor parameters and getting the authorities to + list it in a microdescriptor consensus. This fix prevents an + attacker from causing a microdescriptor collision, because the + router's identity is not forgeable. o Minor features (diagnostic): - - When logging a warning because of bug #7164, additionally check the - hash table for consistency (as proposed on ticket #11737). This may - help diagnose bug #7164. - - When we log a heartbeat, log how many one-hop circuits we have that - are at least 30 minutes old, and log status information about a - few of them. This is an attempt to track down bug 8387. + - When logging a warning because of bug #7164, additionally check + the hash table for consistency (as proposed on ticket #11737). + This may help diagnose bug #7164. + - When we log a heartbeat, log how many one-hop circuits we have + that are at least 30 minutes old, and log status information about + a few of them. This is an attempt to track down bug 8387. o Minor features (security): - Apply the secure SipHash-2-4 function to the hash table mapping @@ -60,7 +60,7 @@ Changes in version 0.2.5.5-alpha - 2014-06-?? o Minor features: - When we encounter an unexpected CR in text that we're trying to - write to a file on Windows, log the name of the file. Should help + write to a file on Windows, log the name of the file. Should help diagnosing bug 11233. o Minor bugfixes (configuration, security, new since 0.2.5.4-alpha, also in 0.2.4.22): @@ -70,20 +70,20 @@ Changes in version 0.2.5.5-alpha - 2014-06-?? bugfix on 0.2.1.1-alpha. o Minor bugfixes (compilation): - - Fix compilation of test_status.c when building with MVSC. - Bugfix on 0.2.5.4-alpha. Patch from Gisle Vanem. + - Fix compilation of test_status.c when building with MVSC. Bugfix + on 0.2.5.4-alpha. Patch from Gisle Vanem. - Resolve GCC complaints on OpenBSD about discarding constness in - TO_{ORIGIN,OR}_CIRCUIT functions. Fixes part of bug 11633; bugfix on - 0.1.1.23. Patch from Dana Koch. + TO_{ORIGIN,OR}_CIRCUIT functions. Fixes part of bug 11633; bugfix + on 0.1.1.23. Patch from Dana Koch. - Resolve clang complaints on OpenBSD with -Wshorten-64-to-32 due to - treatment of long and time_t as comparable types. Fixes part of bug 11633. - Patch from Dana Koch. + treatment of long and time_t as comparable types. Fixes part of + bug 11633. Patch from Dana Koch. o Minor bugfixes (build): - - When deciding whether to build the 64-bit curve25519 implementation, - detect platforms where we can compile 128-bit arithmetic but cannot - link it. Fixes bug 11729; bugfix on 0.2.4.8-alpha. Patch - from "conradev". + - When deciding whether to build the 64-bit curve25519 + implementation, detect platforms where we can compile 128-bit + arithmetic but cannot link it. Fixes bug 11729; bugfix on + 0.2.4.8-alpha. Patch from "conradev". o Minor bugfixes (Directory server): - When sending a compressed set of descriptors or microdescriptors, @@ -94,14 +94,15 @@ Changes in version 0.2.5.5-alpha - 2014-06-?? 11648; bugfix on 0.1.1.23. o Minor bugfixes (dmalloc): - - Fix compilation with dmalloc. Fixes bug 11605; bugfix on 0.2.4.10-alpha. + - Fix compilation with dmalloc. Fixes bug 11605; bugfix + on 0.2.4.10-alpha. o Minor bugfixes (documentation): - Correct the documenation so that it lists the correct directories - for the stats files. (They are in a subdirectory called "stats", + for the stats files. (They are in a subdirectory called "stats", not "status".) - o Minor bugfixes (linux seccomp sandbox) + o Minor bugfixes (linux seccomp sandbox): - Make the seccomp sandbox code compile with ARM linux. Fixes bug 11622; bugfix on 0.2.5.1-alpha. - Avoid crashing when re-opening listener ports with the seccomp @@ -109,30 +110,30 @@ Changes in version 0.2.5.5-alpha - 2014-06-?? - Avoid crashing with the seccomp sandbox enabled along with ConstrainedSockets. Fixes bug 12139; bugfix on 0.2.5.1-alpha. - When we receive a SIGHUP with the sandbox enabled, correctly - support rotating our log files. Fixes bug 12032; bugfix on - 0.2.5.1-alpha. + support rotating our log files. Fixes bug 12032; bugfix + on 0.2.5.1-alpha. - Avoid crash when running with sandboxing enabled and - DirReqStatistics not disabled. Fixes bug 12035; bugfix on - 0.2.5.1-alpha. + DirReqStatistics not disabled. Fixes bug 12035; bugfix + on 0.2.5.1-alpha. - Fix a "BUG" warning when trying to write bridge-stats files with - the Linux syscall sandbox filter enabled. Fixes bug 12041; - bugfix on 0.2.5.1-alpha. + the Linux syscall sandbox filter enabled. Fixes bug 12041; bugfix + on 0.2.5.1-alpha. - Prevent the sandbox from crashing on startup when run with the --enable-expensive-hardening configuration option. Fixes bug 11477; bugfix on 0.2.5.4-alpha. - - When running with DirPortFrontPage and Sandbox both enabled, reload - the DirPortFrontPage correctly when restarting. Fixes bug 12028; - bugfix on 0.2.5.1-alpha. - - Don't try to enable the sandbox when using the Tor binary to - check its configuration, hash a passphrase, or so on. Doing - so was crashing on startup for some users. Fixes bug 11609; - bugfix on 0.2.5.1-alpha. + - When running with DirPortFrontPage and Sandbox both enabled, + reload the DirPortFrontPage correctly when restarting. Fixes bug + 12028; bugfix on 0.2.5.1-alpha. + - Don't try to enable the sandbox when using the Tor binary to check + its configuration, hash a passphrase, or so on. Doing so was + crashing on startup for some users. Fixes bug 11609; bugfix + on 0.2.5.1-alpha. - Avoid warnings when running with sandboxing and node statistics - enabled at the same time. - Fixes part of 12064; bugfix on 0.2.5.1-alpha. Patch from Michael Wolf. + enabled at the same time. Fixes part of 12064; bugfix on + 0.2.5.1-alpha. Patch from Michael Wolf. - Avoid warnings when running with sandboxing enabled at the same time as cookie authentication, hidden services or directory - authority voting. Fixes part of 12064; bugfix on 0.2.5.1-alpha. + authority voting. Fixes part of 12064; bugfix on 0.2.5.1-alpha. - Do not allow options which would require us to call exec to be enabled along with the seccomp2 sandbox: they will inevitably crash. Fix for bug 12043; bugfix on 0.2.5.1-alpha. @@ -142,16 +143,16 @@ Changes in version 0.2.5.5-alpha - 2014-06-?? o Minor bugfixes (pluggable transports): - Enable the ExtORPortCookieAuthFile option, to allow changing the - default location of the authentication token for the extended OR Port - as used by sever-side pluggable transports. We had implemented this - option before, but the code to make it settable had been omitted. - Fixes bug 11635; bugfix on 0.2.5.1-alpha. + default location of the authentication token for the extended OR + Port as used by sever-side pluggable transports. We had + implemented this option before, but the code to make it settable + had been omitted. Fixes bug 11635; bugfix on 0.2.5.1-alpha. o Minor bugfixes (testing): - The Python parts of the test scripts now work on Python 3 as well as Python 2, so systems where '/usr/bin/python' is Python 3 will - no longer have the tests break. Fixes bug 11608; bugfix on - 0.2.5.2-alpha. + no longer have the tests break. Fixes bug 11608; bugfix + on 0.2.5.2-alpha. - When looking for versions of python that we could run the tests with, check for "python2.7" and "python3.3"; previously we were only looking for "python", "python2", and "python3". Patch from @@ -160,39 +161,40 @@ Changes in version 0.2.5.5-alpha - 2014-06-?? o Minor bugfixes (tor-fw-helper): - Give a correct log message when tor-fw-helper fails to launch. (Previously, we would say something like "tor-fw-helper sent us a - string we could not parse".) Fixes bug 9781; bugfix on 0.2.4.2-alpha. + string we could not parse".) Fixes bug 9781; bugfix + on 0.2.4.2-alpha. o Minor bugfixes: - - Avoid another 60-second delay when starting Tor in a - pluggable-transport-using configuration when we already have - cached descriptors for our bridges. Fixes bug 11965; bugfix on - 0.2.3.6-alpha. + - Avoid another 60-second delay when starting Tor in a pluggable- + transport-using configuration when we already have cached + descriptors for our bridges. Fixes bug 11965; bugfix + on 0.2.3.6-alpha. o Minor bugfixes: - - Check return code on spawn_func() in cpuworker code, so that we don't - think we've spawned a nonworking cpuworker and write junk to it - forever. Fix related to bug 4345; bugfix on all released Tor versions. - Found by "skruffy". - - Use a pthread_attr to make sure that spawn_func() cannot return - an error while at the same time launching a thread. Fix related - to bug 4345; bugfix on all released Tor versions. Reported by - "cypherpunks". + - Check return code on spawn_func() in cpuworker code, so that we + don't think we've spawned a nonworking cpuworker and write junk to + it forever. Fix related to bug 4345; bugfix on all released Tor + versions. Found by "skruffy". + - Use a pthread_attr to make sure that spawn_func() cannot return an + error while at the same time launching a thread. Fix related to + bug 4345; bugfix on all released Tor versions. Reported + by "cypherpunks". o Minor bugfixes: - - Correctly detect the total available system memory. We tried to do this - in 0.2.5.4-alpha, but the code was set up to always return an error - value, even on success. - Fixes bug 11805; bugfix on 0.2.5.4-alpha. + - Correctly detect the total available system memory. We tried to do + this in 0.2.5.4-alpha, but the code was set up to always return an + error value, even on success. Fixes bug 11805; bugfix + on 0.2.5.4-alpha. o Minor bugfixes: - - Fix a broken log message about delayed directory fetches that - was caused by a misuse of strlcpy(). Fixes bug 11654; bugfix on - 0.2.5.3-alpha. + - Fix a broken log message about delayed directory fetches that was + caused by a misuse of strlcpy(). Fixes bug 11654; bugfix + on 0.2.5.3-alpha. o Minor bugfixes: - Fix all valgrind warnings produced by the unit tests. There were over a thousand memory leak warnings previously, mostly produced - by forgetting to free things in the unit test code. Fixes bug + by forgetting to free things in the unit test code. Fixes bug 11618, bugfixes on many versions of Tor. o Minor bugfixes: @@ -200,20 +202,21 @@ Changes in version 0.2.5.5-alpha - 2014-06-?? bugfix on 0.2.3.13-alpha. Found by "cypherpunks". o Minor bugfixes: - - Make Tor compile correctly with --disable-buf-freelists. - Fixes bug 11623; bugfix on 0.2.5.3-alpha. + - Make Tor compile correctly with --disable-buf-freelists. Fixes bug + 11623; bugfix on 0.2.5.3-alpha. o Bugfixes: - - Add configure options controlling allocator tricks like mempools and - freelists, and turn them off by default; on most platforms malloc is - reasonable enough for this not to be necessary, and a similar feature - in OpenSSL exacerbated Heartbleed. Fixes bug #11476. + - Add configure options controlling allocator tricks like mempools + and freelists, and turn them off by default; on most platforms + malloc is reasonable enough for this not to be necessary, and a + similar feature in OpenSSL exacerbated Heartbleed. Fixes + bug #11476. o Distribution: - - Include a tor.service file in contrib.dist for use with - systemd. Some distributions will be able to use this file unmodified; - others will need to tweak it, or write their own. Patch from - Jamie Nguyen; resolves ticket 8368. + - Include a tor.service file in contrib.dist for use with systemd. + Some distributions will be able to use this file unmodified; + others will need to tweak it, or write their own. Patch from Jamie + Nguyen; resolves ticket 8368. o Documentation: - Clean up several option names in the manpage to match their real @@ -239,7 +242,6 @@ Changes in version 0.2.5.5-alpha - 2014-06-?? hidden services. - Changes in version 0.2.4.22 - 2014-05-16 Tor 0.2.4.22 backports numerous high-priority fixes from the Tor 0.2.5 alpha release series. These include blocking all authority signing -- cgit v1.2.3