mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2025-02-22 22:25:51 +01:00
minor changelog cleanups. declare that friday is when we release it.
svn:r17207
parent
bc128c0b03
commit
311b8b274c
1 changed files with 21 additions and 21 deletions
42
ChangeLog
|
@ -1,4 +1,4 @@
|
||||||
Changes in version 0.2.1.7-alpha - 2008-11-xx
|
Changes in version 0.2.1.7-alpha - 2008-11-07
|
||||||
o Security fixes:
|
o Security fixes:
|
||||||
- The "ClientDNSRejectInternalAddresses" config option wasn't being
|
- The "ClientDNSRejectInternalAddresses" config option wasn't being
|
||||||
consistently obeyed: if an exit relay refuses a stream because its
|
consistently obeyed: if an exit relay refuses a stream because its
|
||||||
|
@ -6,26 +6,26 @@ Changes in version 0.2.1.7-alpha - 2008-11-xx
|
||||||
the relay said the destination address resolves to, even if it's
|
the relay said the destination address resolves to, even if it's
|
||||||
an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
|
an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
|
||||||
- The "User" and "Group" config options did not clear the
|
- The "User" and "Group" config options did not clear the
|
||||||
supplementary group entries for the process. The "User" option
|
supplementary group entries for the Tor process. The "User" option
|
||||||
has been made more robust, and also now also sets the groups to
|
is now more robust, and we now set the groups to the specified
|
||||||
the specified user's primary group. The "Group" option is now
|
user's primary group. The "Group" option is now ignored. For more
|
||||||
ignored. For more detailed logging on credential switching, set
|
detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
|
||||||
CREDENTIAL_LOG_LEVEL in common/compat.c to LOG_NOTICE or higher;
|
in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
|
||||||
patch by Jacob Appelbaum and Steven Murdoch.
|
and Steven Murdoch.
|
||||||
|
|
||||||
o Minor features:
|
o Minor features:
|
||||||
- Now NodeFamily and MyFamily config options allow spaces in
|
- Now NodeFamily and MyFamily config options allow spaces in
|
||||||
identity fingerprints, so it's easier to paste them in.
|
identity fingerprints, so it's easier to paste them in.
|
||||||
Suggested by Lucky Green.
|
Suggested by Lucky Green.
|
||||||
|
- Implement the 0x20 hack to better resist DNS poisoning: set the
|
||||||
|
case on outgoing DNS requests randomly, and reject responses that do
|
||||||
|
not match the case correctly. This logic can be disabled with the
|
||||||
|
ServerDNSRamdomizeCase setting, if you are using one of the 0.3%
|
||||||
|
of servers that do not reliably preserve case in replies. See
|
||||||
|
"Increased DNS Forgery Resistance through 0x20-Bit Encoding"
|
||||||
|
for more info.
|
||||||
- Preserve case in replies to DNSPort requests in order to support
|
- Preserve case in replies to DNSPort requests in order to support
|
||||||
the 0x20 hack for resisting DNS poisoning attacks.
|
the 0x20 hack for resisting DNS poisoning attacks.
|
||||||
- Implement the 0x20 hack to better resist DNS poisoning: set the
|
|
||||||
case on outgoing DNS requests randomly, and reject responses
|
|
||||||
that do not match the case correctly. This logic can be
|
|
||||||
disabled with the ServerDNSRamdomizeCase setting, if you are
|
|
||||||
using one of the 0.3% of servers that do not reliably preserve
|
|
||||||
case in replies. See "Increased DNS Forgery Resistance through
|
|
||||||
0x20-Bit Encoding" for more info.
|
|
||||||
|
|
||||||
o Hidden service performance improvements:
|
o Hidden service performance improvements:
|
||||||
- When the client launches an introduction circuit, retry with a
|
- When the client launches an introduction circuit, retry with a
|
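Review bot: The re-added "Implement the 0x20 hack" entry under "Minor features" still spells the option "ServerDNSRamdomizeCase"; that looks like a typo for "ServerDNSRandomizeCase", and a changelog cleanup is the place to fix it, since an operator copying the name from the ChangeLog into a torrc would not be setting the intended option. In the same hunk, the reworded "User"/"Group" entry says the "Group" option is now ignored; because it sits under "Security fixes", consider stating whether Tor warns when "Group" is still set, so operators who relied on it know to check their configuration.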
||||||
|
@ -45,20 +45,20 @@ Changes in version 0.2.1.7-alpha - 2008-11-xx
|
||||||
no pending streams, choose a good general exit rather than one that
|
no pending streams, choose a good general exit rather than one that
|
||||||
supports "all the pending streams". Bugfix on 0.1.1.x. Fix by rovv.
|
supports "all the pending streams". Bugfix on 0.1.1.x. Fix by rovv.
|
||||||
- Send a valid END cell back when a client tries to connect to a
|
- Send a valid END cell back when a client tries to connect to a
|
||||||
nonexistent hidden service port. Bugfix on 0.1.2.15. Fixes bug
|
nonexistent hidden service port. Bugfix on 0.1.2.15. Fixes bug
|
||||||
840. Patch from rovv.
|
840. Patch from rovv.
|
||||||
- If a broken client asks a non-exit router to connect somewhere,
|
- If a broken client asks a non-exit router to connect somewhere,
|
||||||
do not even do the DNS lookup before rejecting the connection.
|
do not even do the DNS lookup before rejecting the connection.
|
||||||
Fixes another case of bug 619. Patch from rovv.
|
Fixes another case of bug 619. Patch from rovv.
|
||||||
- Fix another case of assuming, when a specific exit is requested,
|
- Fix another case of assuming, when a specific exit is requested,
|
||||||
that we know more than the user about what hosts it allows.
|
that we know more than the user about what hosts it allows.
|
||||||
Fixes another case of bug 752. Patch from rovv.
|
Fixes another case of bug 752. Patch from rovv.
|
||||||
- Check which hops rendezvous stream cells are associated with to
|
- Check which hops rendezvous stream cells are associated with to
|
||||||
prevent possible guess-the-streamid injection attacks from
|
prevent possible guess-the-streamid injection attacks from
|
||||||
intermediate hops. Fixes another case of bug 446. Based on patch
|
intermediate hops. Fixes another case of bug 446. Based on patch
|
||||||
from rovv.
|
from rovv.
|
||||||
- Avoid using a negative right-shift when comparing 32-bit
|
- Avoid using a negative right-shift when comparing 32-bit
|
||||||
addresses. Possible fix for bug 845 and bug 811.
|
addresses. Possible fix for bug 845 and bug 811.
|
||||||
- Make the assert_circuit_ok() function work correctly on circuits that
|
- Make the assert_circuit_ok() function work correctly on circuits that
|
||||||
have already been marked for close.
|
have already been marked for close.
|
||||||
- Fix read-off-the-end-of-string error in unit tests when decoding
|
- Fix read-off-the-end-of-string error in unit tests when decoding
|
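Review bot: Every entry in this hunk, from "Send a valid END cell back" through "Make the assert_circuit_ok() function work correctly", reads identically on the old and new side as rendered here, so the change appears to be whitespace only. Consider saying so in the commit message ("minor changelog cleanups" does not distinguish wording changes from whitespace ones), or splitting the whitespace normalization into its own commit so the reworded security entries in the earlier hunk are easier to find in history.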
||||||
|
@ -138,7 +138,7 @@ Changes in version 0.2.1.6-alpha - 2008-09-30
|
||||||
- Add a -p option to tor-resolve for specifying the SOCKS port: some
|
- Add a -p option to tor-resolve for specifying the SOCKS port: some
|
||||||
people find host:port too confusing.
|
people find host:port too confusing.
|
||||||
- Make TrackHostExit mappings expire a while after their last use, not
|
- Make TrackHostExit mappings expire a while after their last use, not
|
||||||
after their creation. Patch from Robert Hogan.
|
after their creation. Patch from Robert Hogan.
|
||||||
- Provide circuit purposes along with circuit events to the controller.
|
- Provide circuit purposes along with circuit events to the controller.
|
||||||
|
|
||||||
o Minor bugfixes:
|
o Minor bugfixes:
|
||||||
|
|