Sfoglia il codice sorgente

Edit changelog a little for clarity and conciseness

Nick Mathewson 8 anni fa
parent
commit
8b1ea18961
1 ha cambiato i file con 86 aggiunte e 71 eliminazioni
  1. 86 71
      ChangeLog

+ 86 - 71
ChangeLog

@@ -1,4 +1,4 @@
-Changes in version 0.2.9.1-alpha - 2016-08-0?
+Changes in version 0.2.9.1-alpha - 2016-08-08
   Tor 0.2.9.1-alpha is the first alpha release in the 0.2.9 development
   series. It improves our support for hardened builds and compiler
   warnings, deploys some critical infrastructure for improvements to
@@ -7,24 +7,28 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
   log unexpected events, and contains other small improvements to
   security, correctness, and performance.
 
+  Below are the changes since 0.2.8.6.
+
   o New system requirements:
-    - Tor requires Libevent version 2.0.10-stable or later now. This
-      implements ticket 19554.
-    - We now require zlib version 1.2 or later. (Back when we started,
+    - Tor now requires Libevent version 2.0.10-stable or later. Older
+      versions of Libevent have less efficient backends for several
+      platforms, and lack the DNS code that we use for our server-side
+      DNS support. This implements ticket 19554.
+    - Tor now requires zlib version 1.2 or later, for security,
+      efficiency, and (eventually) gzip support. (Back when we started,
       zlib 1.1 and zlib 1.0 were still found in the wild. 1.2 was
       released in 2003. We recommend the latest version.)
 
   o Major features (build, hardening):
     - Tor now builds with -ftrapv by default on compilers that support
-      it. This option detects signed integer overflow, and turns it into
-      a hard-failure. We do not apply this option to code that needs to
-      run in constant time to avoid side-channels; instead, we use
-      -fwrapv. Closes ticket 17983.
+      it. This option detects signed integer overflow (which C forbids),
+      and turns it into a hard-failure. We do not apply this option to
+      code that needs to run in constant time to avoid side-channels;
+      instead, we use -fwrapv in that code. Closes ticket 17983.
     - When --enable-expensive-hardening is selected, stop applying the
-      clang/gcc sanitizers to code that needs to run in constant-time to
-      avoid side channels: although we are aware of no introduced side-
-      channels, we are not able to prove that this is safe. Related to
-      ticket 17983.
+      clang/gcc sanitizers to code that needs to run in constant time.
+      Although we are aware of no introduced side-channels, we are not
+      able to prove that there are none. Related to ticket 17983.
 
   o Major features (compilation):
     - Our big list of extra GCC warnings is now enabled by default when
@@ -33,23 +37,25 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
       errors, pass --enable-fatal-warnings to configure. Closes
       ticket 19044.
     - Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS to automatically
-      turn on C and POSIX extensions. Closes ticket 19139.
+      turn on C and POSIX extensions. (Previously, we attempted to do
+      this on an ad hoc basis.) Closes ticket 19139.
 
   o Major features (directory authorities, hidden services):
     - Directory authorities can now perform the shared randomness
       protocol specified by proposal 250. Using this protocol, directory
-      authorities can generate a global fresh random number every day.
-      In the future, this global randomness will be used by hidden
-      services to select their responsible HSDirs. This release only
-      implements the directory authority feature; the hidden service
-      side will be implemented in the future as part of proposal 224.
-      Resolves ticket 16943; implements proposal 250.
-
-  o Major features (downloading):
-    - Use random exponential backoffs when retrying downloads from the
-      dir servers. This prevents a group of Tor instances from becoming
-      too synchronized, or a single Tor instance from becoming too
-      predictable, in its download schedule. Closes ticket 15942.
+      authorities generate a global fresh random value every day. In the
+      future, this value will be used by hidden services to select
+      HSDirs. This release implements the directory authority feature;
+      the hidden service side will be implemented in the future as part
+      of proposal 224. Resolves ticket 16943; implements proposal 250.
+
+  o Major features (downloading, random exponential backoff):
+    - When we fail to download an object from a directory service, wait
+      for an (exponentially increasing) randomized amount of time before
+      retrying, rather than a fixed interval as we did before. This
+      prevents a group of Tor instances from becoming too synchronized,
+      or a single Tor instance from becoming too predictable, in its
+      download schedule. Closes ticket 15942.
 
   o Major bugfixes (exit policies):
     - Avoid disclosing exit outbound bind addresses, configured port
@@ -63,47 +69,47 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
     - Allow Tor clients with appropriate controllers to work with
       FetchHidServDescriptors set to 0. Previously, this option also
       disabled descriptor cache lookup, thus breaking hidden services
-      entirely when it was set. Fixes bug 18704; bugfix on 0.2.0.20-rc.
-      Patch by "twim".
+      entirely. Fixes bug 18704; bugfix on 0.2.0.20-rc. Patch by "twim".
 
   o Minor features (build, hardening):
-    - Detect and work around a libclang_rt problem that prevents clang
-      from finding __mulodi4() on some 32-bit platforms. This clang bug
-      would keep -ftrapv from linking on those systems. Closes
-      ticket 19079.
-    - When building on a system without runtime support for some of the
-      runtime hardening options, try to log a useful warning at
-      configuration time, rather than an incomprehensible warning at
-      link time. If expensive hardening was requested, this warning
-      becomes an error. Closes ticket 18895.
+    - Detect and work around a libclang_rt problem that would prevent
+      clang from finding __mulodi4() on some 32-bit platforms, and thus
+      keep -ftrapv from linking on those systems. Closes ticket 19079.
+    - When building on a system without runtime support for the runtime
+      hardening options, try to log a useful warning at configuration
+      time, rather than an incomprehensible warning at link time. If
+      expensive hardening was requested, this warning becomes an error.
+      Closes ticket 18895.
 
   o Minor features (code safety):
-    - In our integer-parsing functions, check that the maxiumum value
-      given is no smaller than the minimum value. Closes ticket 19063;
+    - In our integer-parsing functions, ensure that maxiumum value we
+      give is no smaller than the minimum value. Closes ticket 19063;
       patch from U+039b.
 
   o Minor features (controller):
-    - Implement new GETINFO queries for all downloads using
-      download_status_t to schedule retries. Closes ticket 19323.
-    - Add support for configuring basic client authorization on hidden
-      services created with the ADD_ONION control command. Implements
-      ticket 15588. Patch by "special".
-    - Fire a `STATUS_SERVER` event whenever the hibernation status
-      changes between "awake"/"soft"/"hard". Closes ticket 18685.
+    - Implement new GETINFO queries for all downloads that use
+      download_status_t to schedule retries. This allows controllers to
+      examine the schedule for pending downloads. Closes ticket 19323.
+    - Allow controllers to configure basic client authorization on
+      hidden services when they create them with the ADD_ONION control
+      command. Implements ticket 15588. Patch by "special".
+    - Fire a STATUS_SERVER controller event whenever the hibernation
+      status changes between "awake"/"soft"/"hard". Closes ticket 18685.
 
   o Minor features (directory authority):
     - Directory authorities now only give the Guard flag to a relay if
       they are also giving it the Stable flag. This change allows us to
-      simplify path selection for clients, and it should have minimal
-      effect in practice since >99% of Guards already have the Stable
-      flag. Implements ticket 18624.
-    - Make directory authorities write the v3-status-votes file out to
-      disk earlier in the consensus process, so we have the votes even
-      if we abort the consensus process later. Resolves ticket 19036.
+      simplify path selection for clients. It should have minimal effect
+      in practice, since >99% of Guards already have the Stable flag.
+      Implements ticket 18624.
+    - Directory authorities now write their v3-status-votes file out to
+      disk earlier in the consensus process, so we have a record of the
+      votes even if we abort the consensus process. Resolves
+      ticket 19036.
 
   o Minor features (hidden service):
     - Stop being so strict about the payload length of "rendezvous1"
-      cells. We used to be locked in to the "tap" handshake length, and
+      cells. We used to be locked in to the "TAP" handshake length, and
       now we can handle better handshakes like "ntor". Resolves
       ticket 18998.
 
@@ -123,15 +129,22 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
     - Provide a more useful warning message when configured with an
       invalid Nickname. Closes ticket 18300; patch from "icanhasaccount".
     - When dumping unparseable router descriptors, optionally store them
-      in separate filenames by hash, up to a configurable limit. Closes
-      ticket 18322.
+      in separate files, named by digest, up to a configurable size
+      limit. You can change the size limit by setting the
+      MaxUnparseableDescSizeToLog option, and disable this feature by
+      setting that option to 0. Closes ticket 18322.
     - Add a set of macros to check nonfatal assertions, for internal
       use. Migrating more of our checks to these should help us avoid
       needless crash bugs. Closes ticket 18613.
 
   o Minor features (performance):
-    - When fetching a consensus for the first time, use optimistic data.
-      This saves a round-trip during startup. Closes ticket 18815.
+    - Changer the "optimistic data" extension from "off by default" to
+      "on by default". The default was ordinarily overridden by a
+      consensus option, but when clients were bootstrapping for the
+      first time, they would not have a consensus to get the option
+      from. Changing this default When fetching a consensus for the
+      first time, use optimistic data. This saves a round-trip during
+      startup. Closes ticket 18815.
 
   o Minor features (relay, usability):
     - When the directory authorities refuse a bad relay's descriptor,
@@ -154,30 +167,31 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
   o Minor bugfixes (bootstrap):
     - Remember the directory we fetched the consensus or previous
       certificates from, and use it to fetch future authority
-      certificates. Fixes bug 18963; bugfix on 0.2.8.1-alpha.
+      certificates. This change improves bootstrapping performance.
+      Fixes bug 18963; bugfix on 0.2.8.1-alpha.
 
   o Minor bugfixes (build):
-    - Make the test-stem and test-network targets depend only on the tor
-      binary that they will be testing. Previously, they depended on
+    - The test-stem and test-network makefile targets now depend only on
+      the tor binary that they are testing. Previously, they depended on
       "make all". Fixes bug 18240; bugfix on 0.2.8.2-alpha. Based on a
       patch from "cypherpunks".
 
   o Minor bugfixes (circuits):
-    - Make sure extend_info_from_router is only called on servers. Fixes
-      bug 19639; bugfix on 0.2.8.1-alpha.
+    - Make sure extend_info_from_router() is only called on servers.
+      Fixes bug 19639; bugfix on 0.2.8.1-alpha.
 
   o Minor bugfixes (compilation):
-    - When building with Clang, include our full array of GCC warnings.
+    - When building with Clang, use a full set of GCC warnings.
       (Previously, we included only a subset, because of the way we
       detected them.) Fixes bug 19216; bugfix on 0.2.0.1-alpha.
 
   o Minor bugfixes (directory authority):
     - Authorities now sort the "package" lines in their votes, for ease
-      of debugging. (They are already sorted in the consensus
-      documents.) Fixes bug 18840; bugfix on 0.2.6.3-alpha.
-    - When parsing detached signature, make sure we use the length of
+      of debugging. (They are already sorted in consensus documents.)
+      Fixes bug 18840; bugfix on 0.2.6.3-alpha.
+    - When parsing a detached signature, make sure we use the length of
       the digest algorithm instead of an hardcoded DIGEST256_LEN in
-      order to avoid comparing bytes out of bound with a smaller digest
+      order to avoid comparing bytes out-of-bounds with a smaller digest
       length such as SHA1. Fixes bug 19066; bugfix on 0.2.2.6-alpha.
 
   o Minor bugfixes (documentation):
@@ -190,7 +204,7 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
 
   o Minor bugfixes (ephemeral hidden service):
     - When deleting an ephemeral hidden service, close its intro points
-      even if they are not in the open state. Fixes bug 18604; bugfix
+      even if they are not completely open. Fixes bug 18604; bugfix
       on 0.2.7.1-alpha.
 
   o Minor bugfixes (guard selection):
@@ -204,8 +218,9 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
 
   o Minor bugfixes (hidden service client):
     - Increase the minimum number of internal circuits we preemptively
-      build from 2 to 3 so they are available when a client connects to
-      another onion service. Fixes bug 13239; bugfix on 0.1.0.1-rc.
+      build from 2 to 3, so a circuit is available when a client
+      connects to another onion service. Fixes bug 13239; bugfix
+      on 0.1.0.1-rc.
 
   o Minor bugfixes (logging):
     - When logging a directory ownership mismatch, log the owning
@@ -241,8 +256,8 @@ Changes in version 0.2.9.1-alpha - 2016-08-0?
       in the counter. Now, if the number of messages hits a maximum, the
       rate-limiter doesn't count any further. Fixes bug 19435; bugfix
       on 0.2.4.11-alpha.
-    - Fix a typo in the getting passphrase prompt for the ed25519
-      identity key. Fixes bug 19503; bugfix on 0.2.7.2-alpha.
+    - Fix a typo in the passphrase prompt for the ed25519 identity key.
+      Fixes bug 19503; bugfix on 0.2.7.2-alpha.
 
   o Code simplification and refactoring:
     - Remove redundant declarations of the MIN macro. Closes