Changelog: more clarity and fixing

2025-02-22 22:25:51 +01:00 · 2015-09-24 14:08:30 -04:00 · 2015-09-24 14:08:30 -04:00 · f55cdee0db
commit f55cdee0db
parent 744f8c8277
1 changed files with 30 additions and 24 deletions
--- a/54
+++ b/54
@ -10,19 +10,23 @@ Changes in version 0.2.7.3-rc - 2015-09-24
  connection) raise the coverage to 64.49%.

  o Major features (security, hidden services):
-    - Hidden services are required to use more than one EntryNode, to
-      avoid a guard discovery attack. See ticket for more information.
-      Fixes ticket 14917.
+    - Hidden services, if using the EntryNodes option, are required to
+      use more than one EntryNode, in order to avoid a guard discovery
+      attack. (This would only affect people who had configured hidden
+      services and manually specified the EntryNodes option with a
+      single entry-node. The impact was that it would be easy to
+      remotely identify the guard node used by such a hidden service.
+      See ticket for more information.) Fixes ticket 14917.

  o Major features (Ed25519 keys, keypinning):
    - The key-pinning option on directory authorities is now advisory-
      only by default. In a future version, or when the AuthDirPinKeys
      option is set, pins are enforced again. Disabling key-pinning
      seemed like a good idea so that we can survive the fallout of any
-      usability problems associated with ed25519 keys. Closes
+      usability problems associated with Ed25519 keys. Closes
      ticket 17135.

-  o Major features (ed25519 performance):
+  o Major features (Ed25519 performance):
    - Improve the speed of Ed25519 operations and Curve25519 keypair
      generation when built targeting 32 bit x86 platforms with SSE2
      available. Implements ticket 16535.
@ -41,9 +45,9 @@ Changes in version 0.2.7.3-rc - 2015-09-24
      failure conditions. Thanks to "s7r" for reporting and diagnosing
      so many of these!
    - Add a new OfflineMasterKey option to tell Tor never to try loading
-      or generating a secret ed25519 identity key. You can use this in
+      or generating a secret Ed25519 identity key. You can use this in
      combination with tor --keygen to manage offline and/or encrypted
-      ed25519 keys. Implements ticket 16944.
+      Ed25519 keys. Implements ticket 16944.
    - Add a --newpass option to allow changing or removing the
      passphrase of an encrypted key with tor --keygen. Implements part
      of ticket 16769.
@ -82,7 +86,9 @@ Changes in version 0.2.7.3-rc - 2015-09-24
      drop. This change should make some attacks against the hidden
      service directory system harder. Fixes ticket 15963.
    - Turn on hidden service statistics collection by setting the torrc
-      option HiddenServiceStatistics to "1" by default. Closes
+      option HiddenServiceStatistics to "1" by default. (This keeps
+      track only of the fraction of traffic used by hidden services, and
+      the total number of hidden services in existence.) Closes
      ticket 15254.
    - Client now uses an introduction point failure cache to know when
      to fetch or keep a descriptor in their cache. Previously, failures
@ -91,13 +97,13 @@ Changes in version 0.2.7.3-rc - 2015-09-24

  o Minor features (testing, authorities, documentation):
    - New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags to
-      explicitly manage consensus flags in t3esting networks. Patch by
+      explicitly manage consensus flags in testing networks. Patch by
      "robgjansen", modified by "teor". Implements part of ticket 14882.

  o Minor bugfixes (security, exit policies):
    - ExitPolicyRejectPrivate now also rejects the relay's published
      IPv6 address (if any), and any publicly routable IPv4 or IPv6
-      addresses on any local interfacesn. ticket 17027. Patch by "teor".
+      addresses on any local interfaces. ticket 17027. Patch by "teor".
      Fixes bug 17027; bugfix on 0.2.0.11-alpha.

  o Minor bug fixes (torrc exit policies):
@ -112,7 +118,7 @@ Changes in version 0.2.7.3-rc - 2015-09-24
      including any ExitPolicy lines after accept *:* or reject *:*.
      Related to ticket 16069.
    - When parsing torrc ExitPolicies, we now issue an info-level
-      message: when expanding an "accept/reject *" line to include both
+      message when expanding an "accept/reject *" line to include both
      IPv4 and IPv6 wildcard addresses. Related to ticket 16069.
    - In each instance above, usage advice is provided to avoid the
      message. Resolves ticket 16069. Patch by "teor". Fixes part of bug
@ -121,8 +127,8 @@ Changes in version 0.2.7.3-rc - 2015-09-24
  o Minor bugfixes (authority):
    - Don't assign "HSDir" to a router if it isn't Valid and Running.
      Fixes bug 16524; bugfix on 0.2.7.2-alpha.
-    - Downgrade log messages about Ed25519 key issues, if they are in
-      old cached router descriptors. Fixes part of bug 16286; bugfix
+    - Downgrade log messages about Ed25519 key issues if they are in old
+      cached router descriptors. Fixes part of bug 16286; bugfix
      on 0.2.7.2-alpha.
    - When we find an Ed25519 key issue in a cached descriptor, stop
      saying the descriptor was just "uploaded". Fixes another part of
@ -140,8 +146,8 @@ Changes in version 0.2.7.3-rc - 2015-09-24
      incorrectly removed. Fixes bug 16924; bugfix on 0.2.4.4-alpha.

  o Minor bugfixes (documentation):
-    - Advise users how to configure separate IPv4 and IPv6 exit policies
-      in the manpage and sample torrcs. Related to ticket 16069.
+    - Advise users on how to configure separate IPv4 and IPv6 exit
+      policies in the manpage and sample torrcs. Related to ticket 16069.
    - Fix the usage message of tor-resolve(1) so that it no longer lists
      the removed -F option. Fixes bug 16913; bugfix on 0.2.2.28-beta.
    - Fix an error in the manual page and comments for
@ -171,7 +177,7 @@ Changes in version 0.2.7.3-rc - 2015-09-24
    - Try harder to normalize the exit status of the Tor process to the
      standard-provided range. Fixes bug 16975; bugfix on every version
      of Tor ever.
-    - Check correctly for windows socket errors in the workqueue
+    - Check correctly for Windows socket errors in the workqueue
      backend. Fixes bug 16741; bugfix on 0.2.6.3-alpha.
    - Fix the behavior of crypto_rand_time_range() when told to consider
      times before 1970. (These times were possible when running in a
@ -183,7 +189,7 @@ Changes in version 0.2.7.3-rc - 2015-09-24
  o Minor bugfixes (relay):
    - Ensure that worker threads actually exit when a fatal error or
      shutdown is indicated. This fix doesn't currently affect the
-      behaviour of Tor, because Tor workers never indicates fatal error
+      behavior of Tor, because Tor workers never indicates fatal error
      or shutdown except in the unit tests. Fixes bug 16868; bugfix
      on 0.2.6.3-alpha.
    - Unblock threads before releasing the work queue mutex to ensure
@ -206,14 +212,14 @@ Changes in version 0.2.7.3-rc - 2015-09-24
      directory_all_unreachable() into a callback. Closes ticket 16762.
    - Treat the loss of an owning controller as equivalent to a SIGTERM
      signal. This removes a tiny amount of duplicated code, and
-      simplifies our callgraph. Closes ticekt 16788.
+      simplifies our callgraph. Closes ticket 16788.
    - When generating an event to send to the controller, we no longer
      put the event over the network immediately. Instead, we queue
      these events, and use a Libevent callback to deliver them. This
      change simplifies Tor's callgraph by reducing the number of
      functions from which all other Tor functions are reachable. Closes
      ticket 16695.
-    - Wrap windows-only C files inside '#ifdef _WIN32' so that tools
+    - Wrap Windows-only C files inside '#ifdef _WIN32' so that tools
      that try to scan or compile every file on Unix won't decide that
      they are broken.
    - Remove the unused "nulterminate" argument from buf_pullup().
@ -230,7 +236,7 @@ Changes in version 0.2.7.3-rc - 2015-09-24
      distribution, in favor of the pure-Go clone available from
      https://github.com/Yawning/tor-fw-helper . The libraries used by
      the C tor-fw-helper are not, in our opinion, very confidence-
-      inspiring in their secure-proggramming techniques. Closes
+      inspiring in their secure-programming techniques. Closes
      ticket 13338.
    - Remove the code that would try to aggressively flush controller
      connections while writing to them. This code was introduced in
@ -243,9 +249,9 @@ Changes in version 0.2.7.3-rc - 2015-09-24
    - Make "bridges+hs" the default test network. This tests almost all
      tor functionality during make test-network, while allowing tests
      to succeed on non-IPv6 systems. Requires chutney commit 396da92 in
-      test-network-bridges-hs. Closes tickets 16945 (tor), 16946
-      (chutney) . Patches by "teor".
-    - Autodetect CHUTNEY_PATH if the chutney and tor sources are side-
+      test-network-bridges-hs. Closes tickets 16945 (tor) and 16946
+      (chutney). Patches by "teor".
+    - Autodetect CHUTNEY_PATH if the chutney and Tor sources are side-
      by-side in the same parent directory. Closes ticket 16903. Patch
      by "teor".
    - Add a new set of callgraph analysis scripts that use clang to
@ -254,7 +260,7 @@ Changes in version 0.2.7.3-rc - 2015-09-24
      our code structure by identifying illogical dependencies.
    - Add new 'test-full' and 'test-full-online' targets to run all
      tests, including integration tests with stem and chutney.
-    - Make the test-workqueue test work on windows by initializing the
+    - Make the test-workqueue test work on Windows by initializing the
      network before we begin.
    - New make target (make test-network-all) to run multiple applicable
      chutney test cases. Patch from Teor; closes 16953.