mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-20 02:09:24 +01:00
Code Issues Projects Releases Wiki Activity

Bring remaining 0.2.5.5-alpha entries into changelog

Browse Source
This commit is contained in:
Nick Mathewson 2014-06-16 15:00:10 -04:00
parent 2f4fcfc8d1
commit 2050846312
18 changed files with 107 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
ChangeLog
View File

@ -1,6 +1,24 @@
Changes in version 0.2.5.5-alpha - 2014-06-??
Changes in version 0.2.5.5-alpha - 2014-06-1?
Write a blurb here.
o Major features (security, traffic analysis resistance):
- Increase the base amount of time that a canonical connection (one
that we have made to a known OR) is allowed to stay idle from 3
minutes to 15 minutes. This leaks less information about when
circuits have closed, and avoids unnecessary overhead from
renegotiating connections. Part of a fix for ticket 6799.
- Instead of closing connections after they have been idle for a
fixed interval, randomly add up to 50% to each connection's
maximum timeout. This makes it harder to tell when the last
circuit closed by looking at when a connection closes. Part of a
fix for ticket 6799.
- Base connection idleness tests on the actual time elapsed since
the connection last had circuits, not on the time when we last
added non-padding. This change also makes it harder for an
observer to tell when the last circuit closed by looking at when a
connection closes. Part of a fix for ticket 6799. Incidentally
fixes bug 12023; bugfix on 0.2.5.1-alpha.
o Major bugfixes (security, OOM, new since 0.2.5.4-alpha, also in 0.2.4.22):
- Fix a memory leak that could occur if a microdescriptor parse
fails during the tokenizing step. This bug could enable a memory
@ -13,6 +31,11 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
directory object. Previously, relays would used tunnel connections
under a fairly wide variety of circumstances. Fixes bug 11469;
bugfix on 0.2.4.3-alpha.
- When a circuit accidentally has the same circuit ID for its
forward and reverse direction, correctly detect the direction of
cells using that circuit. Previously, this would have made roughly
one circuit in a million non-functional. Fixes bug 12195; this is
a bugfix on every version of Tor.
o Major bugfixes (security, directory authorities):
- Directory authorities now include a digest of each relay's
@ -30,6 +53,12 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
attacker from causing a microdescriptor collision, because the
router's identity is not forgeable.
o Major bugfixes (client, pluggable transports):
- When managing pluggable transports, use OS notification facilities
to learn if they have crashed, and do not attempt to kill any
process that has already exited. Fix for bug 8746; bugfix
on 0.2.3.6-alpha.
o Minor features (diagnostic):
- When logging a warning because of bug #7164, additionally check
the hash table for consistency (as proposed on ticket #11737).
@ -42,8 +71,13 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
diagnosing bug 11233.
- Give more specific warnings when we notice at the client side that
an onion handshake has failed. Fixes ticket 9635.
- Add significant new logging code to attempt to diagnose bug 12184,
where relays seem to run out of available circuit IDs.
- Improve the diagnostic log message for bug #8387 even further to
try to improve our odds of figuring out why one-hop directory
circuits sometimes do not get closed.
o Minor features (security, memory management)):
o Minor features (security, memory management):
- Add configure options controlling allocator tricks like mempools
and freelists, and turn them off by default; on most platforms
malloc is reasonable enough for this not to be necessary, and a
@ -61,12 +95,29 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
support for libseccomp on systems that have it, in case it (or
Tor's use of it) is broken. Resolves ticket 11628.
o Minor features (other):
- Update geoip and geoip6 to the June 4 2014 Maxmind GeoLite2
Country database.
o Minor bugfixes (configuration, security, new since 0.2.5.4-alpha, also in 0.2.4.22):
- When running a hidden service, do not allow TunneledDirConns 0;
this will keep the hidden service from running, and also
make it publish its descriptors directly over HTTP. Fixes bug 10849;
bugfix on 0.2.1.1-alpha.
o Minor bugfixes (performance):
- Do not recompute whether we have sufficient information to build
circuits every time we make a successful connection. Previously,
we would forget our cached value for this flag every time we
successfully opened a channel (or marked a router as running or
not running for any other reason), regardless of whether we had
previously believed the router to be running. This forced us to
run a fairly expensive update operation with relatively high
frequency. Fixes bug 12170; bugfix on 0.1.2.1-alpha.
- Avoid using tor_memeq() for checking relay cell integrity. This
removes a possible performance bottleneck. Fixes part of bug
12169; bugfix on 0.2.1.31.
o Minor bugfixes (compilation):
- Fix compilation of test_status.c when building with MVSC. Bugfix
on 0.2.5.4-alpha. Patch from Gisle Vanem.
@ -140,6 +191,12 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
- Handle failures in getpwnam()/getpwuid() when running with the
User option set and the Linux syscall sandbox enabled. Fixes bug
11946; bugfix on 0.2.5.1-alpha.
- Refactor the getaddrinfo workaround that the seccomp sandbox uses
to avoid calling getaddrinfo() after installing the sandbox
filters. Previously, it preloaded a cache with the IPv4 address
for our hostname, and nothing else. Now, it loads the cache with
every address that it used to initialize the Tor process. Fixes
bug 11970; bugfix on 0.2.5.1-alpha.
o Minor bugfixes (pluggable transports):
- Enable the ExtORPortCookieAuthFile option, to allow changing the
@ -152,6 +209,12 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
descriptors for our bridges. Fixes bug 11965; bugfix
on 0.2.3.6-alpha.
o Minor bugfixes (client):
- Avoid "Tried to open a socket with DisableNetwork set" warnings
when starting a client with bridges configured and DisableNetwork
set. (Tor launcher starts Tor with DisableNetwork set the first
time.) Fixes bug 10405; bugfix on 0.2.3.9-alpha.
o Minor bugfixes (testing):
- The Python parts of the test scripts now work on Python 3 as well
as Python 2, so systems where '/usr/bin/python' is Python 3 will
@ -188,9 +251,25 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
error value, even on success. Fixes bug 11805; bugfix
on 0.2.5.4-alpha.
o Minor bugfixes (relay, other):
- We now drop CREATE cells for already-existent circuit IDs and for
zero-valued circuit IDs, regardless of other factors that might
otherwise have called for DESTROY cells. Fixes bug 12191; bugfix
on 0.0.8pre1.
- Avoid an illegal read from stack when initializing the TLS module
using a version of OpenSSL without all of the ciphers used by the
v2 link handshake. Fixes bug 12227; bugfix on 0.2.4.8-alpha. Found
by "starlight".
- When rejecting DATA cells for stream_id zero, still count them
against the circuit's deliver window so that we don't get fail to
send a SENDME. Fix for bug 11246; bugfix on 0.2.4.10-alpha.
o Minor bugfixes (logging):
- Fix a misformatted log message about delayed directory fetches.
Fixes bug 11654; bugfix on 0.2.5.3-alpha.
- Squelch a spurious LD_BUG message "No origin circuit for
successful SOCKS stream" in certain hidden service failure cases;
fixes bug #10616.
o Distribution:
- Include a tor.service file in contrib/dist for use with systemd.
@ -204,6 +283,9 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
directory authority options, remove the documentation for a
V2-directory fetching option that no longer exists. Resolves
ticket 11634.
- In the manpage, move more authority-only options into the
directory authority section so that operators of regular directory
caches don't get confused.
o Package cleanup:
- The contrib directory has been sorted and tidy. Before, it was an

5
changes/bug10405
View File

@ -1,5 +0,0 @@
o Minor bugfixes:
- Avoid "Tried to open a socket with DisableNetwork set" warnings
when starting a client with bridges configured and DisableNetwork
set. (Tor launcher starts Tor with DisableNetwork set the first
time.) Fixes bug 10405; bugfix on 0.2.3.9-alpha.

4
changes/bug10616
View File

@ -1,4 +0,0 @@
o Bugfixes:
- Squelch a spurious LD_BUG message "No origin circuit for successful
SOCKS stream" in certain hidden service failure cases; fixes bug
#10616.

7
changes/bug11970
View File

@ -1,7 +0,0 @@
o Minor bugfixes (linux seccomp sandbox):
- Refactor the getaddrinfo workaround that the seccomp sandbox
uses to avoid calling getaddrinfo() after installing the sandbox
filters. Previously, it preloaded a cache with the IPv4 address
for our hostname, and nothing else. Now, it loads the cache with
every address that it used to initialize the Tor process. Fixes
bug 11970; bugfix on 0.2.5.1-alpha.

5
changes/bug12169_simple
View File

@ -1,5 +0,0 @@
o Minor bugfixes (performance):
- Avoid using tor_memeq() for checking relay cell integrity.
This removes a possible performance bottleneck. Fixes part of bug
12169; bugfix on 0.2.1.31.

11
changes/bug12170
View File

@ -1,11 +0,0 @@
o Major bugfixes (performance):
- Do not recompute whether we have sufficient information to build
circuits every time we make a successful connection. Previously,
we would forget our cached value for this flag every time we
successfully opened a channel (or marked a router as running or not
running for any
other reason), regardless of whether we had
previously believed the router to be running. This forced us to
run a fairly expensive update operation with relatively
high frequency.
Fixes bug 12170; bugfix on 0.1.2.1-alpha.

4
changes/bug12184_diagnostic
View File

@ -1,4 +0,0 @@
o Minor features (diagnostic):
- Add significant new logging code to attempt to diagnose bug 12184,
where relays seem to run out of available circuit IDs.

7
changes/bug12191
View File

@ -1,7 +0,0 @@
o Minor bugfixes:
- We now drop CREATE cells for already-existent circuit IDs and
for zero-valued circuit IDs, regardless of other factors that
might otherwise have called for DESTROY cells. Fixes bug 12191;
bugfix on 0.0.8pre1.

7
changes/bug12195
View File

@ -1,7 +0,0 @@
o Major bugfixes:
- When a circuit accidentally has the same circuit ID for its
forward and reverse direction, correctly detect the direction of
cells using that circuit. Previously, this would have made
roughly one circuit in a million non-functional. Fixes bug
12195; this is a bugfix on every version of Tor.

5
changes/bug12227
View File

@ -1,5 +0,0 @@
o Minor bugfixes:
- Avoid an illegal read from stack when initializing the TLS
module using a version of OpenSSL without all of the ciphers
used by the v2 link handshake. Fixes bug 12227; bugfix on
0.2.4.8-alpha. Found by "starlight".

20
changes/bug6799
View File

@ -1,20 +0,0 @@
o Major features:
- Increase the base amount of time that a canonical connection
(one that we have made to a known OR) is allowed to stay idle
from 3 minutes to 15 minutes. This leaks less information
about when circuits have closed, and avoids unnecessary overhead
from renegotiating connections. Part of a fix for ticket 6799.
- Instead of closing connections after they have been idle for a
fixed interval, randomly add up to 50% to each connection's
maximum timeout. This makes it harder to tell when the last
circuit closed by looking at when a connection closes. Part of a
fix for ticket 6799.
- Base connection idleness tests on the actual time elapsed since
the connection last had circuits, not on the time when we last
added non-padding. This change also makes it harder for an
observer to tell when the last circuit closed by looking at when
a connection closes. Part of a fix for ticket 6799.
Incidentally fixes bug 12023; bugfix on 0.2.5.1-alpha.

4
changes/bug8746
View File

@ -1,4 +0,0 @@
o Major bugfixes:
- When managing pluggable transports, use OS notification facilities to
learn if they have crashed, and do not attempt to kill any process
that has already exited. Fix for bug 8746; bugfix on 0.2.3.6-alpha.

2
changes/geoip6-june2014
View File

@ -1,2 +0,0 @@
o Minor features:
- Update geoip and geoip6 to the June 4 2014 Maxmind GeoLite2 Country database.

4
changes/more_8387_diagnosis
View File

@ -1,4 +0,0 @@
o Minor features (diagnostic):
- Improve the diagnostic log message for bug #8387 even further to
try to improve our odds of figuring out why one-hop directory
circuits sometimes do not get closed.

4
changes/move-authdir-options
View File

@ -1,4 +0,0 @@
o Documentation:
- In the manpage, move more authority-only options into the
directory authority section so that operators of regular
directory caches don't get confused.

4
changes/not_bug_8093
View File

@ -1,4 +0,0 @@
o Minor bugfixes:
- When rejecting DATA cells for stream_id zero, still count them against
the circuit's deliver window so that we don't get fail to send a
SENDME. Fix for bug 11246; bugfix on 0.2.4.10-alpha.

18
scripts/maint/format_changelog.py
View File

@ -270,7 +270,16 @@ class ChangeLog(object):
CL = ChangeLog()
parser = head_parser
sys.stdin = open('ChangeLog', 'r')
if len(sys.argv) == 1:
fname = 'ChangeLog'
else:
fname = sys.argv[1]
fname_new = fname+".new"
sys.stdin = open(fname, 'r')
nextline = None
for line in sys.stdin:
line = line.rstrip()
@ -286,13 +295,14 @@ for line in sys.stdin:
CL.lint()
sys.stdout = open('ChangeLog.new', 'w')
sys.stdout = open(fname_new, 'w')
CL.dump()
print nextline
if nextline is not None:
print nextline
for line in sys.stdin:
sys.stdout.write(line)
os.rename('ChangeLog.new', 'ChangeLog')
os.rename(fname_new, fname)

9
scripts/maint/sortChanges.py
View File

@ -1,4 +1,13 @@
#!/usr/bin/python
# Copyright (c) 2014, The Tor Project, Inc.
# See LICENSE for licensing information
"""This script sorts a bunch of changes files listed on its command
line into roughly the order in which they should appear in the
changelog.
TODO: collation support.
"""
import re
import sys