Put something useful into the ChangeLog, like past release announcments

svn:r1061

ChangeLog

@@ -1,4 +1,165 @@
-hey, emacs, got something for you: -*- fundamental -*-
-	
-ChangeLog
----------
+Changes in version 0.0.2pre20 - 2004-01-30
+  o New features:
+    - We now have a deb package, and it's in debian unstable. Go to
+      it, apt-getters. :)
+    - I've split the TotalBandwidth option into BandwidthRate (how many
+      bytes per second you want to allow, long-term) and
+      BandwidthBurst (how many bytes you will allow at once before the cap
+      kicks in).  This better token bucket approach lets you, say, set
+      BandwidthRate to 10KB/s and BandwidthBurst to 10MB, allowing good
+      performance while not exceeding your monthly bandwidth quota.
+    - Push out a tls record's worth of data once you've got it, rather
+      than waiting until you've read everything waiting to be read. This
+      may improve performance by pipelining better. We'll see.
+    - Add an AP_CONN_STATE_CONNECTING state, to allow streams to detach
+      from failed circuits (if they haven't been connected yet) and attach
+      to new ones.
+    - Expire old streams that haven't managed to connect. Some day we'll
+      have them reattach to new circuits instead.
+
+  o Bugfixes:
+    - Fix several memory leaks that were causing servers to become bloated
+      after a while.
+    - Fix a few very rare assert triggers. A few more remain.
+    - Setuid to User _before_ complaining about running as root.
+
+
+Changes in version 0.0.2pre19 - 2004-01-07
+  o Bugfixes:
+    - Fix deadlock condition in dns farm. We were telling a child to die by
+      closing the parent's file descriptor to him. But newer children were
+      inheriting the open file descriptor from the parent, and since they
+      weren't closing it, the socket never closed, so the child never read
+      eof, so he never knew to exit. Similarly, dns workers were holding
+      open other sockets, leading to all sorts of chaos.
+    - New cleaner daemon() code for forking and backgrounding.
+    - If you log to a file, it now prints an entry at the top of the
+      logfile so you know it's working.
+    - The onionskin challenge length was 30 bytes longer than necessary.
+    - Started to patch up the spec so it's not quite so out of date.
+
+
+Changes in version 0.0.2pre18 - 2004-01-02
+  o Bugfixes:
+    - Fix endian issues with the 'integrity' field in the relay header.
+    - Fix a potential bug where connections in state
+      AP_CONN_STATE_CIRCUIT_WAIT might unexpectedly ask to write.
+
+
+Changes in version 0.0.2pre17 - 2003-12-30
+  o Bugfixes:
+    - Made --debuglogfile (or any second log file, actually) work.
+    - Resolved an edge case in get_unique_circ_id_by_conn where a smart
+      adversary could force us into an infinite loop.
+
+  o Features:
+    - Each onionskin handshake now includes a hash of the computed key,
+      to prove the server's identity and help perfect forward secrecy.
+    - Changed cell size from 256 to 512 bytes (working toward compatibility
+      with MorphMix).
+    - Changed cell length to 2 bytes, and moved it to the relay header.
+    - Implemented end-to-end integrity checking for the payloads of
+      relay cells.
+    - Separated streamid from 'recognized' (otherwise circuits will get
+      messed up when we try to have streams exit from the middle). We
+      use the integrity-checking to confirm that a cell is addressed to
+      this hop.
+    - Randomize the initial circid and streamid values, so an adversary who
+      breaks into a node can't learn how many circuits or streams have
+      been made so far.
+
+
+Changes in version 0.0.2pre16 - 2003-12-14
+  o Bugfixes:
+    - Fixed a bug that made HUP trigger an assert
+    - Fixed a bug where a circuit that immediately failed wasn't being
+      counted as a failed circuit in counting retries.
+
+  o Features:
+    - Now we close the circuit when we get a truncated cell: otherwise we're
+      open to an anonymity attack where a bad node in the path truncates
+      the circuit and then we open streams at him.
+    - Add port ranges to exit policies
+    - Add a conservative default exit policy
+    - Warn if you're running tor as root
+    - on HUP, retry OR connections and close/rebind listeners
+    - options.EntryNodes: try these nodes first when picking the first node
+    - options.ExitNodes: if your best choices happen to include any of
+      your preferred exit nodes, you choose among just those preferred
+      exit nodes.
+    - options.ExcludedNodes: nodes that are never picked in path building
+
+
+Changes in version 0.0.2pre15 - 2003-12-03
+  o Robustness and bugfixes:
+    - Sometimes clients would cache incorrect DNS resolves, which would
+      really screw things up.
+    - An OP that goes offline would slowly leak all its sockets and stop
+      working.
+    - A wide variety of bugfixes in exit node selection, exit policy
+      handling, and processing pending streams when a new circuit is
+      established.
+    - Pick nodes for a path only from those the directory says are up
+    - Choose randomly from all running dirservers, not always the first one
+    - Increase allowed http header size for directory fetch.
+    - Stop writing to stderr (if we're daemonized it will be closed).
+    - Enable -g always, so cores will be more useful to me.
+    - Switch "-lcrypto -lssl" to "-lssl -lcrypto" for broken distributions.
+
+  o Documentation:
+    - Wrote a man page. It lists commonly used options.
+
+  o Configuration:
+    - Change default loglevel to warn.
+    - Make PidFile default to null rather than littering in your CWD.
+    - OnionRouter config option is now obsolete. Instead it just checks
+      ORPort>0.
+    - Moved to a single unified torrc file for both clients and servers.
+
+
+Changes in version 0.0.2pre14 - 2003-11-29
+  o Robustness and bugfixes:
+    - Force the admin to make the DataDirectory himself
+      - to get ownership/permissions right
+      - so clients no longer make a DataDirectory and then never use it
+    - fix bug where a client who was offline for 45 minutes would never
+      pull down a directory again
+    - fix (or at least hide really well) the dns assert bug that was
+      causing server crashes
+    - warnings and improved robustness wrt clockskew for certs
+    - use the native daemon(3) to daemonize, when available
+    - exit if bind() fails
+    - exit if neither socksport nor orport is defined
+    - include our own tor_timegm (Win32 doesn't have its own)
+    - bugfix for win32 with lots of connections
+    - fix minor bias in PRNG
+    - make dirserver more robust to corrupt cached directory
+
+  o Documentation:
+    - Wrote the design document (woo)
+
+  o Circuit building and exit policies:
+    - Circuits no longer try to use nodes that the directory has told them
+      are down.
+    - Exit policies now support bitmasks (18.0.0.0/255.0.0.0) and
+      bitcounts (18.0.0.0/8).
+    - Make AP connections standby for a circuit if no suitable circuit
+      exists, rather than failing
+    - Circuits choose exit node based on addr/port, exit policies, and
+      which AP connections are standing by
+    - Bump min pathlen from 2 to 3
+    - Relay end cells have a payload to describe why the stream ended.
+    - If the stream failed because of exit policy, try again with a new
+      circuit.
+    - Clients have a dns cache to remember resolved addresses.
+    - Notice more quickly when we have no working circuits
+
+  o Configuration:
+    - APPort is now called SocksPort
+    - SocksBindAddress, ORBindAddress, DirBindAddress let you configure
+      where to bind
+    - RecommendedVersions is now a config variable rather than
+      hardcoded (for dirservers)
+    - Reloads config on HUP
+    - Usage info on -h or --help
+    - If you set User and Group config vars, it'll setu/gid to them.