mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 18:22:09 +01:00
Add a blurb, edit the changelog
This commit is contained in:
parent
39606aece5
commit
7878668cab
89
ChangeLog
89
ChangeLog
@ -1,5 +1,14 @@
|
||||
Changes in version 0.3.0.3-alpha - 2017-02-03
|
||||
BLURB BLURB BLURB.
|
||||
Tor 0.3.0.3-alpha fixes a few significant bugs introduced over the
|
||||
0.3.0.x development series, including some that could cause
|
||||
authorities to behave badly. There is also a fix for a longstanding
|
||||
bug that could prevent IPv6 exits from working. Tor 0.3.0.3-alpha also
|
||||
includes some smaller features and bugfixes.
|
||||
|
||||
The Tor 0.3.0.x release series is now in patch-freeze: no additional
|
||||
features will be considered for inclusion in 0.3.0.x. We suspect that
|
||||
some bugs will probably remain, however, and we encourage people to
|
||||
test this release.
|
||||
|
||||
o Major bugfixes (directory authority):
|
||||
- During voting, when marking a node as a probable sybil, do not
|
||||
@ -14,20 +23,20 @@ Changes in version 0.3.0.3-alpha - 2017-02-03
|
||||
|
||||
o Major bugfixes (entry guards):
|
||||
- Stop trying to build circuits through entry guards for which we
|
||||
have no descriptor yet. Also, stop crashing if we *do*
|
||||
have no descriptor. Also, stop crashing in the case that we *do*
|
||||
accidentally try to build a circuit in such a state. Fixes bug
|
||||
21242; bugfix on 0.3.0.1-alpha.
|
||||
|
||||
o Major bugfixes (IPv6 Exits):
|
||||
- Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
|
||||
IPv6 addresses. Instead, only reject a port over IPv6 if the exit
|
||||
policy rejects that port on more than an IPv6 /16 of addresses.
|
||||
This bug was made worse by 17027 in 0.2.8.1-alpha, which rejects a
|
||||
relay's own IPv6 address by default. Fixes bug 21357; bugfix on
|
||||
commit 004f3f4e53 in 0.2.4.7-alpha.
|
||||
any IPv6 addresses. Instead, only reject a port over IPv6 if the
|
||||
exit policy rejects that port on more than an IPv6 /16 of
|
||||
addresses. This bug was made worse by 17027 in 0.2.8.1-alpha,
|
||||
which rejected a relay's own IPv6 address by default. Fixes bug
|
||||
21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
|
||||
|
||||
o Minor feature (client):
|
||||
- Enable IPv6 traffic by default on the SocksPort. To disable this,
|
||||
- Enable IPv6 traffic on the SocksPort by default. To disable this,
|
||||
a user will have to specify "NoIPv6Traffic". Closes ticket 21269.
|
||||
|
||||
o Minor feature (fallback scripts):
|
||||
@ -36,10 +45,10 @@ Changes in version 0.3.0.3-alpha - 2017-02-03
|
||||
20174. Patch by haxxpop.
|
||||
|
||||
o Minor features (ciphersuite selection):
|
||||
- Clients now advertise a list of ciphersuites closer to the ones
|
||||
preferred by Firefox. Closes part of ticket 15426.
|
||||
- Allow servers to accept a wider range of ciphersuites, including
|
||||
chacha20-poly1305 and AES-CCM. Closes the other part of 15426.
|
||||
- Clients now advertise a list of ciphersuites closer to the ones
|
||||
preferred by Firefox. Closes ticket 15426.
|
||||
|
||||
o Minor features (controller, configuration):
|
||||
- Each of the *Port options, such as SocksPort, ORPort, ControlPort,
|
||||
@ -53,23 +62,24 @@ Changes in version 0.3.0.3-alpha - 2017-02-03
|
||||
in feature 20956. Implements ticket 21300.
|
||||
|
||||
o Minor features (portability, compilation):
|
||||
- Autoconf now check to determine if OpenSSL structures are opaque,
|
||||
- Autoconf now checks to determine if OpenSSL structures are opaque,
|
||||
instead of explicitly checking for OpenSSL version numbers. Part
|
||||
of ticket 21359.
|
||||
- Support building with recent LibreSSL code that uses opaque
|
||||
structures. Closes ticket 21359.
|
||||
|
||||
o Minor features (relay):
|
||||
- Allow separation of exit and relay traffic to different source IP
|
||||
addresses. Closes ticket 17975. Written by Michael Sonntag.
|
||||
- We now allow separation of exit and relay traffic to different
|
||||
source IP addresses, using the OutboundBindAddressExit and
|
||||
OutboundBindAddressOR options respectively. Closes ticket 17975.
|
||||
Written by Michael Sonntag.
|
||||
|
||||
o Minor bugfix (logging):
|
||||
- Don't recommend the use of Tor2web in non anonymous mode. In that
|
||||
mode, we disable client functionalities and recommending Tor2web
|
||||
as a solution is a bad idea because in that case client loses all
|
||||
anonymity. Tor2web should really only be used in very specific
|
||||
cases and with users *knowing* what they do. Fixes bug 21294;
|
||||
bugfix on 0.2.9.3-alpha.
|
||||
- Don't recommend the use of Tor2web in non-anonymous mode.
|
||||
Recommending Tor2web is a bad idea because the client loses all
|
||||
anonymity. Tor2web shouldy only be used in specific cases by users
|
||||
who *know* and understand the issues. Fixes bug 21294; bugfix
|
||||
on 0.2.9.3-alpha.
|
||||
|
||||
o Minor bugfixes (client):
|
||||
- Always recover from failures in extend_info_from_node(), in an
|
||||
@ -90,38 +100,39 @@ Changes in version 0.3.0.3-alpha - 2017-02-03
|
||||
|
||||
o Minor bugfixes (configure, autoconf):
|
||||
- Rename the configure option --enable-expensive-hardening to
|
||||
--enable-fragile-hardening. TROVE-2017-001 was triggerable only
|
||||
through the expensive hardening which is making the tor daemon
|
||||
abort when the issue is detected. Thus, it makes tor more at risk
|
||||
of remote crashes but safer against RCE or heartbleed bug
|
||||
category. Fixes bug 21290; bugfix on 0.2.5.4-alpha.
|
||||
--enable-fragile-hardening. Expensive hardening makes the tor
|
||||
daemon abort when some kinds of issues are detected. Thus, it
|
||||
makes tor more at risk of remote crashes but safer against RCE or
|
||||
heartbleed bug category. We now try to explain this issue in a
|
||||
message from the configure script. Fixes bug 21290; bugfix
|
||||
on 0.2.5.4-alpha.
|
||||
|
||||
o Minor bugfixes (controller):
|
||||
- Restore the (deprecated) DROPGUARDS controller command. Fixes bug
|
||||
20824; bugfix on 0.3.0.1-alpha.
|
||||
|
||||
o Minor bugfixes (hidden service):
|
||||
- Cleanup expiring intro point nodes if no circuit is associated to
|
||||
it anymore. It was causing, rarely, the service to not open enough
|
||||
introduction points circuit in the case we had dead expiring
|
||||
nodes.; bugfix on 0.2.7.2-alpha.
|
||||
- Stop modifying the value of our torrc option
|
||||
HiddenServiceStatistics just because we're not a bridge or relay.
|
||||
Use an internal value for what tor should use and keep the torrc
|
||||
option intact. Fixes bug 21150; bugfix on 0.2.6.2-alpha.
|
||||
- Clean up the code for expiring intro points with no associated
|
||||
circuits. It was causing, rarely, a service with some expiring
|
||||
nodes to not open enough introduction points. Fixes part of bug
|
||||
21302; bugfix on 0.2.7.2-alpha.
|
||||
- Stop setting the torrc option HiddenServiceStatistics to "0" just
|
||||
because we're not a bridge or relay. Instead, we preserve whatever
|
||||
value the user set (or didn't set). Fixes bug 21150; bugfix
|
||||
on 0.2.6.2-alpha.
|
||||
- Two possible underflow which would ultimately lead to creating a
|
||||
lot of introduction points circuits and closing them in a non stop
|
||||
loop. Fixes bug 21302; bugfix on 0.2.7.2-alpha.
|
||||
|
||||
o Minor bugfixes (portability):
|
||||
- Use "OpenBSD" pre-defined compiler macro instead of "OPENBSD" or
|
||||
"__OpenBSD__". It is supported by OpenBSD itself and also most
|
||||
OpenBSD variants like Bitrig. Fixes bug 20980; bugfix
|
||||
- Use "OpenBSD" compiler macro instead of "OPENBSD" or "__OpenBSD__".
|
||||
It is supported by OpenBSD itself, and also by most OpenBSD
|
||||
variants (such as Bitrig). Fixes bug 20980; bugfix
|
||||
on 0.1.2.1-alpha.
|
||||
- Do not silently truncate content of files if they are larger than
|
||||
SIZE_MAX bytes. This issue could occur on 32 bit systems with
|
||||
large file support and files which are larger than 4 GB. Fixes bug
|
||||
21134; bugfix on 0.3.0.1-alpha.
|
||||
- When mapping a file of length greater than SIZE_MAX, do not
|
||||
silently its contents. This issue could occur on 32 bit systems
|
||||
with large file support and files which are larger than 4 GB.
|
||||
Fixes bug 21134; bugfix on 0.3.0.1-alpha.
|
||||
|
||||
o Minor bugfixes (tor-resolve):
|
||||
- The tor-resolve command line tool now rejects hostnames over 255
|
||||
|
Loading…
Reference in New Issue
Block a user