Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Reflow the changelog again.

Nick Mathewson 8 years ago
parent
0fb77ca4a3
commit
532a43ed3f
1 changed files with 85 additions and 85 deletions
Split View Show Diff Stats
  1. 85 85
      ChangeLog

+ 85 - 85
ChangeLog
View File 

@@ -2,76 +2,68 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
 
   Tor 0.2.8.1-alpha is the first alpha release in its series. It
 
   includes numerous small features and bugfixes against previous Tor
 
   versions, and numerous small infrastructure improvements. The most
 
-  notable features are a set of improvements to the directory
 
-  subsystem.
 
-
 
-  o Major key updates:
 
-    - Update the V3 identity key for the dannenberg directory authority:
 
-      it was changed on 18 November 2015. Closes task 17906. Patch by
 
-      "teor".
 
-
 
-  o Removed features:
 
-    - Remove client-side support for connecting to Tor servers running
 
-      versions of Tor before 0.2.3.6-alpha. These servers didn't support
 
-      the v3 TLS handshake protocol, and are no longer allowed on the
 
-      Tor network. Implements the client side of ticket 11150. Based on
 
-      patches by Tom van der Woerdt.
 
+  notable features are a set of improvements to the directory subsystem.
 
 
   o Major features (security, Linux):
 
-    - When Tor starts as root on Linux and is told to switch user ID,
 
-      it can now retain the capability to bind to low ports. By
 
-      default, Tor will do this only when it's switching user ID and
 
-      some low ports have been configured. You can change this behavior
 
-      with the new option KeepBindCapabilities. Closes ticket 8195.
 
+    - When Tor starts as root on Linux and is told to switch user ID, it
 
+      can now retain the capability to bind to low ports. By default,
 
+      Tor will do this only when it's switching user ID and some low
 
+      ports have been configured. You can change this behavior with the
 
+      new option KeepBindCapabilities. Closes ticket 8195.
 
 
   o Major features (directory system):
 
-    - When bootstrapping we not launch multiple consensus downloads
 
-      at a time, use the first one that starts downloading, and close the
 
-      rest. This reduces failures when authorities or fallback directories are slow or down.
 
-      Together with the code for feature 15775, this feature should reduces failures due
 
-      to fallback churn. Implements ticket 4483.
 
-      Patch by "teor". Implements IPv4 portions
 
+    - When bootstrapping we not launch multiple consensus downloads at a
 
+      time, use the first one that starts downloading, and close the
 
+      rest. This reduces failures when authorities or fallback
 
+      directories are slow or down. Together with the code for feature
 
+      15775, this feature should reduces failures due to fallback churn.
 
+      Implements ticket 4483. Patch by "teor". Implements IPv4 portions
 
       of proposal 210 by "mikeperry" and "teor".
 
-    - Include a trial list of default fallback directories, based
 
-      on an opt-in survey of suitable relays. Doing this should make
 
-      clients bootstrap more quickly and reliably, and reduce the
 
-      load on the directory authorities. Closes ticket 15775. Patch by
 
-      "teor". Candidates identified using an OnionOO script by "weasel", "teor", "gsathya",
 
-      and "karsten".
 
+    - Include a trial list of default fallback directories, based on an
 
+      opt-in survey of suitable relays. Doing this should make clients
 
+      bootstrap more quickly and reliably, and reduce the load on the
 
+      directory authorities. Closes ticket 15775. Patch by "teor".
 
+      Candidates identified using an OnionOO script by "weasel", "teor",
 
+      "gsathya", and "karsten".
 
     - Previously only relays that explicitly opened a directory port
 
       (DirPort) accepted directory requests from clients. Now all
 
-      relays, with and without a DirPort,
 
-      accept and serve tunneled directory requests that they
 
-      receive through their ORPort.  You can disable this behavior using
 
-      the new DirCache option.
 
-      Closes ticket 12538.
 
+      relays, with and without a DirPort, accept and serve tunneled
 
+      directory requests that they receive through their ORPort. You can
 
+      disable this behavior using the new DirCache option. Closes
 
+      ticket 12538.
 
+
 
+  o Major key updates:
 
+    - Update the V3 identity key for the dannenberg directory authority:
 
+      it was changed on 18 November 2015. Closes task 17906. Patch
 
+      by "teor".
 
 
   o Minor features (security, clock):
 
-    - Warn when the system clock appears to move back in time (when the state
 
-      file was last written in the future). Tor doesn't know that
 
+    - Warn when the system clock appears to move back in time (when the
 
+      state file was last written in the future). Tor doesn't know that
 
       consensuses have expired if the clock is in the past. Patch by
 
       "teor". Implements ticket 17188.
 
 
   o Minor features (security, exit policies):
 
-    - ExitPolicyRejectPrivate now rejects more private addresses by default.
 
-      Specifically, it now rejects the relay's outbound bind addresses (if
 
-      configured), and the relay's configured port addresses (such as
 
-      ORPort and DirPort). Fixes bug 17027; bugfix on 0.2.0.11-alpha.
 
-      Patch by "teor".
 
+    - ExitPolicyRejectPrivate now rejects more private addresses by
 
+      default. Specifically, it now rejects the relay's outbound bind
 
+      addresses (if configured), and the relay's configured port
 
+      addresses (such as ORPort and DirPort). Fixes bug 17027; bugfix on
 
+      0.2.0.11-alpha. Patch by "teor".
 
 
   o Minor features (security, memory erasure):
 
     - Set the unused entires in a smartlist to NULL. This helped catch
 
       a (harmless) bug, and shouldn't affect performance too much.
 
       Implements ticket 17026.
 
     - Use SecureMemoryWipe() function to securely clean memory on
 
-      Windows. Previously we'd use OpenSSL's OPENSSL_cleanse() function. Implements feature 17986.
 
+      Windows. Previously we'd use OpenSSL's OPENSSL_cleanse() function.
 
+      Implements feature 17986.
 
     - Use explicit_bzero or memset_s when present. Previously, we'd use
 
       OpenSSL's OPENSSL_cleanse() function. Closes ticket 7419; patches
 
       from <logan@hackers.mu> and <selven@hackers.mu>.
 
-    - Make memwipe() do nothing when passed a NULL pointer or buffer of zero size.
 
-      Check size argument to memwipe() for underflow. Fixes bug 18089;
 
-      bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", patch
 
-      by "teor".
 
+    - Make memwipe() do nothing when passed a NULL pointer or buffer of
 
+      zero size. Check size argument to memwipe() for underflow. Fixes
 
+      bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk",
 
+      patch by "teor".
 
 
   o Minor features (security, RNG):
 
     - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely,
 
@@ -79,17 +71,17 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
 
       internal details of OpenSSL's behavior. Closes ticket 17686.
 
     - Never use the system entropy output directly for anything besides
 
       seeding the PRNG. When we want to generate important keys, instead
 
-      of using system entropy directly, we now hash it with the PRNG stream.
 
-      This may help resist certain attacks based on broken OS entropy
 
-      implementations. Closes part of ticket 17694.
 
-    - Use modern system calls (like getentropy() or getrandom()) to generate strong entropy on platforms
 
-      that have them. Closes ticket 13696.
 
+      of using system entropy directly, we now hash it with the PRNG
 
+      stream. This may help resist certain attacks based on broken OS
 
+      entropy implementations. Closes part of ticket 17694.
 
+    - Use modern system calls (like getentropy() or getrandom()) to
 
+      generate strong entropy on platforms that have them. Closes
 
+      ticket 13696.
 
 
   o Minor features (accounting):
 
-    - Added two modes to the AccountingRule option: One for limiting only
 
-      the number of bytes sent ("AccountingRule out"), and one for
 
-      limiting only the number of bytes
 
-      received ("AccountingRule in").
 
+    - Added two modes to the AccountingRule option: One for limiting
 
+      only the number of bytes sent ("AccountingRule out"), and one for
 
+      limiting only the number of bytes received ("AccountingRule in").
 
       Closes ticket 15989; patch from "unixninja92".
 
 
   o Minor features (build):
 
@@ -106,10 +98,10 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
 
     - New 'GETINFO hs/service/desc/id/' command to retrieve a hidden
 
       service descriptor from a service's local hidden service
 
       descriptor cache. Closes ticket 14846.
 
-    - Add  'GETINFO exit-policy/reject-private/[default,relay]', so
 
-      controllers can examine the
 
-      the reject rules added by ExitPolicyRejectPrivate. This makes
 
-      it easier for stem to display exit policies.
 
+    - Add 'GETINFO exit-policy/reject-private/[default,relay]', so
 
+      controllers can examine the the reject rules added by
 
+      ExitPolicyRejectPrivate. This makes it easier for stem to display
 
+      exit policies.
 
 
   o Minor features (crypto):
 
     - Add SHA512 support to crypto.c. Closes ticket 17663; patch from
 
@@ -124,23 +116,24 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
 
       Fixes bug 17544; bugfix on 0.2.5.3-alpha.
 
 
   o Minor features (directory downloads):
 
-    - Wait for busy authorities and fallback directories to become non-busy when
 
-      bootstrapping. (A similar change was made in 6c443e987d for
 
-      directory caches chosen from the consensus.) Closes ticket 17864;
 
-      patch by "teor".
 
+    - Wait for busy authorities and fallback directories to become non-
 
+      busy when bootstrapping. (A similar change was made in 6c443e987d
 
+      for directory caches chosen from the consensus.) Closes ticket
 
+      17864; patch by "teor".
 
     - Add UseDefaultFallbackDirs, which enables any hard-coded fallback
 
-      directory mirrors. The default is 1; set it to 0 to disable fallbacks.
 
-      Implements ticket 17576. Patch by "teor".
 
+      directory mirrors. The default is 1; set it to 0 to disable
 
+      fallbacks. Implements ticket 17576. Patch by "teor".
 
 
   o Minor features (geoip):
 
     - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
 
       Country database.
 
 
   o Minor features (IPv6):
 
-    - Add an argument 'ipv6=address:orport' to the DirAuthority and FallbackDir
 
-      torrc options, to specify an IPv6 address for an authority or fallback directory. Add hard-coded ipv6 addresses for directory
 
-      authorities that have them. Closes ticket
 
-      17327; patch from Nick Mathewson and "teor".
 
+    - Add an argument 'ipv6=address:orport' to the DirAuthority and
 
+      FallbackDir torrc options, to specify an IPv6 address for an
 
+      authority or fallback directory. Add hard-coded ipv6 addresses for
 
+      directory authorities that have them. Closes ticket 17327; patch
 
+      from Nick Mathewson and "teor".
 
     - Add address policy assume_action support for IPv6 addresses.
 
     - Limit IPv6 mask bits to 128.
 
     - Warn when comparing against an AF_UNSPEC address in a policy, it's
 
@@ -191,9 +184,9 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
 
       need for CAP_READ_SEARCH when using systemd's
 
       CapabilityBoundingSet, or dac_read_search when using SELinux.
 
       Implements part of ticket 17562. Patch from Jamie Nguyen.
 
-    - Introduce a new DataDirectoryGroupReadable option. If it is set to 1, the
 
-      DataDirectory will be made readable by the default GID. Implements
 
-      part of ticket 17562. Patch from Jamie Nguyen.
 
+    - Introduce a new DataDirectoryGroupReadable option. If it is set to
 
+      1, the DataDirectory will be made readable by the default GID.
 
+      Implements part of ticket 17562. Patch from Jamie Nguyen.
 
 
   o Minor bugfixes (accounting):
 
     - The max bandwidth when using 'AccountRule sum' is now correctly
 
@@ -212,11 +205,11 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
 
 
   o Minor bugfixes (compilation):
 
     - Mark all object files that include micro-revision.i as depending
 
-      on it, so as to make parallel builds more reliable.
 
-      Fixes bug 17826; bugfix on 0.2.5.1-alpha.
 
-    - Don't try to use the pthread_condattr_setclock() function unless it
 
-      actually exists. Fixes compilation on NetBSD-6.x. Fixes bug 17819;
 
-      bugfix on 0.2.6.3-alpha.
 
+      on it, so as to make parallel builds more reliable. Fixes bug
 
+      17826; bugfix on 0.2.5.1-alpha.
 
+    - Don't try to use the pthread_condattr_setclock() function unless
 
+      it actually exists. Fixes compilation on NetBSD-6.x. Fixes bug
 
+      17819; bugfix on 0.2.6.3-alpha.
 
     - Fix backtrace compilation on FreeBSD. Fixes bug 17827; bugfix
 
       on tor-0.2.5.2-alpha.
 
     - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
 
@@ -308,10 +301,10 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
 
     - Move logging of redundant policy entries in
 
       policies_parse_exit_policy_internal into its own function. Closes
 
       ticket 17608; patch from "juce".
 
-    - Extract the more complicated parts of circuit_mark_for_close() into
 
-      a new function that we run periodically before circuits are freed. This
 
-      change removes more than half of the functions currently in the
 
-      "blob". Closes ticket 17218.
 
+    - Extract the more complicated parts of circuit_mark_for_close()
 
+      into a new function that we run periodically before circuits are
 
+      freed. This change removes more than half of the functions
 
+      currently in the "blob". Closes ticket 17218.
 
     - Clean up a little duplicated code in
 
       crypto_expand_key_material_TAP(). Closes ticket 17587; patch
 
       from "pfrankw".
 
@@ -326,8 +319,8 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
 
       simplifies Tor's callback and prevents the directory-request
 
       launching code from invoking itself recursively. Closes
 
       ticket 17589
 
-    - Remove code for configuring OpenSSL dynamic locks; OpenSSL doesn't use them.
 
-      Closes ticket 17926.
 
+    - Remove code for configuring OpenSSL dynamic locks; OpenSSL doesn't
 
+      use them. Closes ticket 17926.
 
 
   o Documentation:
 
     - Add a description of the correct use of the '--keygen' command-
 
@@ -339,6 +332,13 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
 
       whenever we mention a document that belongs in torspce. Fixes
 
       issue 17392.
 
 
+  o Removed features:
 
+    - Remove client-side support for connecting to Tor servers running
 
+      versions of Tor before 0.2.3.6-alpha. These servers didn't support
 
+      the v3 TLS handshake protocol, and are no longer allowed on the
 
+      Tor network. Implements the client side of ticket 11150. Based on
 
+      patches by Tom van der Woerdt.
 
+
 
   o Testing:
 
     - Add unit tests to check for common RNG failure modes, such as
 
       returning all zeroes, identical values, or incrementing values