From 7c39bf0e447a456a9999b3de95ed17fa0e86f157 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Wed, 12 Feb 2014 03:59:59 -0500 Subject: [PATCH] go through and rewrite the changes files to be more user-facing --- changes/10582_tproxy | 5 ++--- changes/10777_netunreach | 11 +++++------ changes/bug10046 | 5 +++-- changes/bug10297 | 7 ++++--- changes/bug10313 | 10 ++++------ changes/bug10324 | 4 +++- changes/bug10365 | 8 ++++---- changes/bug10470 | 4 ++-- changes/bug10485 | 16 ++++------------ changes/bug10536 | 9 ++++----- changes/bug10543 | 7 ++++--- changes/bug10565 | 4 ++-- changes/bug10722 | 16 ++++++++-------- changes/bug10758 | 8 ++++---- changes/bug10777_internal_024 | 7 ++++--- changes/bug10793 | 2 +- changes/bug10842 | 9 +++++---- changes/bug10870 | 6 +++--- changes/bug10881 | 14 +++++++------- changes/bug1376 | 7 +++---- changes/bug4677 | 4 ++-- changes/bug5018 | 8 +++++--- changes/bug5605 | 10 ++++++---- changes/bug7359 | 16 +++++++++------- changes/bug9162 | 14 ++++++++------ changes/bug9206 | 8 ++++---- changes/bug9578 | 9 +++++---- changes/bug9602 | 9 ++++----- changes/bug9651 | 6 ++++-- changes/bug9859 | 12 ++++++++---- changes/bug9869 | 10 ++++------ changes/bug9926 | 6 +++--- changes/bug9934 | 7 ++++--- changes/bug9948 | 8 +++----- changes/feature9777 | 10 +++++++--- changes/prop157-require | 2 +- changes/prop221 | 13 +++++++------ changes/python-tests | 4 ++-- changes/seccomp2-fixes | 3 ++- changes/stack_trace | 2 +- changes/ticket10060 | 4 ++-- changes/ticket8510 | 5 ++--- changes/ticket9839 | 4 ++-- 43 files changed, 171 insertions(+), 162 deletions(-) rewrite changes/bug10485 (65%) rewrite changes/bug10722 (95%) rewrite changes/bug10881 (100%) rewrite changes/bug7359 (99%) rewrite changes/bug9162 (92%) rewrite changes/prop221 (100%) diff --git a/changes/10582_tproxy b/changes/10582_tproxy index 8eed6a29ba..0a05152dd8 100644 --- a/changes/10582_tproxy +++ b/changes/10582_tproxy @@ -1,7 +1,6 @@ o Minor features: - - Add support for the TPROXY transparent proxying facility on Linux. - See documentation for the new TransProxyType option for more details. - Implementation by "thomo". Closes ticket 10582. + See documentation for the new TransProxyType option for more + details. Implementation by "thomo". Closes ticket 10582. diff --git a/changes/10777_netunreach b/changes/10777_netunreach index 899181423f..1156bca5f7 100644 --- a/changes/10777_netunreach +++ b/changes/10777_netunreach @@ -1,7 +1,6 @@ - - Minor bugfixes: - - - Treat ENETUNREACH, EACCES, and EPERM at an exit node as a - NOROUTE error, not an INTERNAL error, since they can apparently - happen when trying to connect to the wrong sort of - netblocks. Fixes a part of bug 10777; bugfix on 0.1.0.1-rc. + o Minor bugfixes: + - Treat ENETUNREACH, EACCES, and EPERM connection failures at an + exit node as a NOROUTE error, not an INTERNAL error, since they + can apparently happen when trying to connect to the wrong sort + of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc. diff --git a/changes/bug10046 b/changes/bug10046 index b2f545efe9..3286c21b35 100644 --- a/changes/bug10046 +++ b/changes/bug10046 @@ -1,3 +1,4 @@ o Minor bugfixes: - - Fix an always-true assertion in pluggable transports code. Fixes - issue 10046. Found by dcb. + - Fix an always-true assertion in pluggable transports code so it + actually checks what it was trying to check. Fixes bug 10046; + bugfix on 0.2.3.9-alpha. Found by "dcb". diff --git a/changes/bug10297 b/changes/bug10297 index 4cdd80f83b..73c4cde2a5 100644 --- a/changes/bug10297 +++ b/changes/bug10297 @@ -1,4 +1,5 @@ o Minor features: - - Spawn background processes using the CREATE_NO_WINDOW flag on - Windows, in order to prevent a console window from appearing. - Resolves ticket 10297. + - On Windows, spawn background processes using the CREATE_NO_WINDOW + flag. Now Tor Browser Bundle 3.5 with pluggable transports enabled + doesn't pop up a blank console window. (In Tor Browser Bundle 2.x, + Vidalia set this option for us.) Implements ticket 10297. diff --git a/changes/bug10313 b/changes/bug10313 index b29d4daffd..36b3634748 100644 --- a/changes/bug10313 +++ b/changes/bug10313 @@ -1,8 +1,6 @@ o Minor bugfixes: - - Fixed an erroneous pointer comparison that would have allowed - compilers to remove a bounds check in channeltls.c. The fix - was to remove the check entirely, since it was impossible for - the code to overflow the bounds. Noticed by Jared L - Wong. Fixes bug 10313 and 9980. Bugfix on 0.2.0.10-alpha. - + - Remove an erroneous (but impossible and thus harmless) pointer + comparison that would have allowed compilers to skip a bounds + check in channeltls.c. Fixes bugs 10313 and 9980; bugfix on + 0.2.0.10-alpha. Noticed by Jared L Wong and David Fifield. diff --git a/changes/bug10324 b/changes/bug10324 index 9cd7d5bdb8..786a4c1844 100644 --- a/changes/bug10324 +++ b/changes/bug10324 @@ -1,2 +1,4 @@ o Tool changes: - - Make tor-gencert create 2048 bit signing keys. Addresses ticket #10324. + - Make the "tor-gencert" tool used by directory authority operators + create 2048-bit signing keys by default (rather than 1024-bit, since + 1024-bit is uncomfortably small these days). Addresses ticket 10324. diff --git a/changes/bug10365 b/changes/bug10365 index f7a15155dd..f916537340 100644 --- a/changes/bug10365 +++ b/changes/bug10365 @@ -1,7 +1,7 @@ o Minor bugfixes: - - - When receving a VERSIONS cell with an odd number of bytes, close - the connection immediately. Fix for bug 10365; bugfix on - 0.2.0.10-alpha. Spotted by "bobnomnom"; fix by "rl1987". + - When receiving a VERSIONS cell with an odd number of bytes, close + the connection immediately since the cell is malformed. Fixes bug + 10365; bugfix on 0.2.0.10-alpha. Spotted by "bobnomnom"; fix by + "rl1987". diff --git a/changes/bug10470 b/changes/bug10470 index 2b753436d9..274abc990f 100644 --- a/changes/bug10470 +++ b/changes/bug10470 @@ -1,4 +1,4 @@ o Documentation fixes: - - Note that all but one DirPort entry must have the NoAdvertise flag - set. Fix for #10470. + - Document that all but one DirPort entry must have the NoAdvertise + flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha. diff --git a/changes/bug10485 b/changes/bug10485 dissimilarity index 65% index d2b3d8be0b..aa599fba72 100644 --- a/changes/bug10485 +++ b/changes/bug10485 @@ -1,12 +1,4 @@ -<<<<<<< HEAD - o Minor bugfixes: - - Turn "circuit handshake stats since last time" log messages into a - heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc. - -||||||| merged common ancestors -======= - o Minor bugfixes: - - Move message about circuit handshake counts into the heartbeat - message where it belongs, instead of logging it once per hour - unconditionally. Fixes bug 10485; bugfix on 0.2.4.17-rc. ->>>>>>> origin/maint-0.2.4 + o Minor bugfixes: + - Turn "circuit handshake stats since last time" log messages into a + heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc. + diff --git a/changes/bug10536 b/changes/bug10536 index e15da7c0f6..be95eafa62 100644 --- a/changes/bug10536 +++ b/changes/bug10536 @@ -1,6 +1,5 @@ - o Minor bugfixes: - - Reject 0-lenth EXTEND2 cells more expicitly. Previously our code would - reject them a bit later than it should have. This bug is - harmless. Fixes bug 10536; bugfix on 0.2.4.8-alpha. Reported by - "cypherpunks". + o Code simplification and refactoring: + - Reject 0-length EXTEND2 cells more explicitly. Fixes bug 10536; + bugfix on 0.2.4.8-alpha. Reported by "cypherpunks". + diff --git a/changes/bug10543 b/changes/bug10543 index 60445063cf..ebc97b0dbd 100644 --- a/changes/bug10543 +++ b/changes/bug10543 @@ -1,5 +1,6 @@ o Minor bugfixes: - - If all nodes with the Exit flag have been disabled with the ExitNodes - flag, consider nodes which can exit to other ports as well. Fixes bug - 10543; bugfix on 0.2.4.10-alpha. + - If we set the ExitNodes option but it doesn't include any nodes + that have the Exit flag, we would choose not to bootstrap. Now we + bootstrap so long as ExitNodes includes nodes which can exit to + some port. Fixes bug 10543; bugfix on 0.2.4.10-alpha. diff --git a/changes/bug10565 b/changes/bug10565 index 9fef9d43e7..92902e76f4 100644 --- a/changes/bug10565 +++ b/changes/bug10565 @@ -1,3 +1,3 @@ o Minor bugfixes: - - Fix compilation on Solaris 9, which didn't like us to have an - identifier namd "sun". Fixes bug 10565; bugfix in 0.2.5.1-alpha. + - Fix compilation on Solaris 9, which didn't like us having an + identifier named "sun". Fixes bug 10565; bugfix in 0.2.5.1-alpha. diff --git a/changes/bug10722 b/changes/bug10722 dissimilarity index 95% index dd4711f110..0a62e44c23 100644 --- a/changes/bug10722 +++ b/changes/bug10722 @@ -1,8 +1,8 @@ - o Minor bugfixes: - - Consider non-excluded hidden service directory servers before - excluded ones. Do not consider excluded hidden service directory - servers at all if StrictNodes was set. (Previously, we would - sometimes decide to connect to those servers, and then realize - before we initiated a connection that we had excluded them.) - Fix for bug #10722. Bugfix on 0.2.0.10-alpha. Reported by - "mr-4". + o Minor bugfixes: + - If ExcludeNodes is set, consider non-excluded hidden service + directory servers before excluded ones. Do not consider excluded + hidden service directory servers at all if StrictNodes is + set. (Previously, we would sometimes decide to connect to those + servers, and then realize before we initiated a connection that + we had excluded them.) Fixes bug 10722; bugfix on 0.2.0.10-alpha. + Reported by "mr-4". diff --git a/changes/bug10758 b/changes/bug10758 index beadd9e5e5..ab4075d5fe 100644 --- a/changes/bug10758 +++ b/changes/bug10758 @@ -1,4 +1,4 @@ - o Removed code - - Remove all code that existed to support the v2 directory system: - There are no longer any v2 directory authorities. Resolves - bug 10758. + o Removed code and features: + - Remove all code that existed to support the v2 directory system, + since there are no longer any v2 directory authorities. Resolves + ticket 10758. diff --git a/changes/bug10777_internal_024 b/changes/bug10777_internal_024 index 4544147f6e..c0bd9bf00c 100644 --- a/changes/bug10777_internal_024 +++ b/changes/bug10777_internal_024 @@ -1,4 +1,5 @@ o Major bugfixes: - - Do not treat END_STREAM_REASON_INTERNAL as indicating a definite - circuit failure, since it could also indicate an ENETUNREACH - error. Fixes part of bug 10777; bugfix on 0.2.4.8-alpha. + - Do not treat streams that fail with reason + END_STREAM_REASON_INTERNAL as indicating a definite circuit failure, + since it could also indicate an ENETUNREACH connection error. Fixes + part of bug 10777; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug10793 b/changes/bug10793 index 24c4025dde..ea15cc3ad9 100644 --- a/changes/bug10793 +++ b/changes/bug10793 @@ -1,4 +1,4 @@ o Minor features (security): - - Always clear OpenSSL bignums before freeing them--even bignums + - Always clear OpenSSL bignums before freeing them -- even bignums that don't contain secrets. Resolves ticket 10793. Patch by Florent Daigniere. diff --git a/changes/bug10842 b/changes/bug10842 index 0ead9e7db8..9c757e2d7a 100644 --- a/changes/bug10842 +++ b/changes/bug10842 @@ -1,4 +1,5 @@ - o Minor bugfixes: - - Suppress a warning that votes and signatures cannot be uploaded to - other directory authorities if there's only one directory authority - in the network. Bugfix on 0.2.2.26-beta. Resolves ticket 10842. + o Minor bugfixes (log messages): + - Suppress a warning where, if there's only one directory authority + in the network, we would complain that votes and signatures cannot + be uploaded to other directory authorities. Fixes bug 10842; + bugfix on 0.2.2.26-beta. diff --git a/changes/bug10870 b/changes/bug10870 index d8a00f4029..4c8d043e14 100644 --- a/changes/bug10870 +++ b/changes/bug10870 @@ -1,6 +1,6 @@ o Code simplification and refactoring: - Remove data structures which were introduced to implement the CellStatistics option: they are now redundant with the addition - of timestamp to the regular packed_cell_t data structure, which - we did in 0.2.4.18-rc in order to resolve #9093. Fixes bug - 10870. \ No newline at end of file + of a timestamp to the regular packed_cell_t data structure, which + we did in 0.2.4.18-rc in order to resolve ticket 9093. Implements + ticket 10870. diff --git a/changes/bug10881 b/changes/bug10881 dissimilarity index 100% index 3fcc90e140..62da79eca8 100644 --- a/changes/bug10881 +++ b/changes/bug10881 @@ -1,7 +1,7 @@ - o Removed code: - - - Remove code for designating authorities as "Hidden service - authorities". There has been no use of hidden service authorities - since 0.2.2.1-alpha, when we stopped uploading or downloading v0 - hidden service descriptors. Fixes bug 10881; part of a fix for bug - 10841. + o Removed config options: + - Remove the HSAuthoritativeDir and AlternateHSAuthority torrc + options, which were used for designating authorities as "Hidden + service authorities". There has been no use of hidden service + authorities since 0.2.2.1-alpha, when we stopped uploading or + downloading v0 hidden service descriptors. Fixes bug 10881; also + part of a fix for bug 10841. diff --git a/changes/bug1376 b/changes/bug1376 index bee42a39a4..e685a55136 100644 --- a/changes/bug1376 +++ b/changes/bug1376 @@ -1,4 +1,3 @@ - o Minor bugfixes: - - - Added additional argument to write_chunks_to_file to optionally skip - using a temp file to do non-atomic writes. Implements ticket #1376. + o Code simplification and refactoring: + - Previously we used two temporary files when writing descriptors to + disk; now we only use one. Implements ticket 1376. diff --git a/changes/bug4677 b/changes/bug4677 index 9a62bdb9cc..e043308472 100644 --- a/changes/bug4677 +++ b/changes/bug4677 @@ -1,4 +1,4 @@ o Minor bugfixes (build): - Restore the ability to compile Tor with V2_HANDSHAKE_SERVER - turned off. Fixes bug 4677; bugfix on 0.2.3.2-alpha. Patch - from "piet". + turned off (that is, without support for v2 link handshakes). Fixes + bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet". diff --git a/changes/bug5018 b/changes/bug5018 index c5c12efaba..5c3a4405e4 100644 --- a/changes/bug5018 +++ b/changes/bug5018 @@ -1,3 +1,5 @@ - o Minor features: - - Don't launch pluggable transport proxies that contribute - transports we don't need. Resolves ticket 5018. + o Major features: + - Don't launch pluggable transport proxies if we don't have any + bridges configured that would use them. Now we can list many + pluggable transports, and Tor will dynamically start one when it + hears a bridge address that needs it. Resolves ticket 5018. diff --git a/changes/bug5605 b/changes/bug5605 index 2144d968fd..0bee820aab 100644 --- a/changes/bug5605 +++ b/changes/bug5605 @@ -1,5 +1,7 @@ -o Minor Bugfixes: - - No longer writing control ports to file if updating reversible - options fail. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from - Ryman. + o Minor bugfixes: + - If changing a config option via "setconf" fails in a recoverable + way, we used to nonetheless write our new control ports to the + file described by the "ControlPortWriteToFile" option. Now we only + write out that file if we successfully switch to the new config + option. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from "Ryman". diff --git a/changes/bug7359 b/changes/bug7359 dissimilarity index 99% index d1bff0afa2..a91b730ecc 100644 --- a/changes/bug7359 +++ b/changes/bug7359 @@ -1,7 +1,9 @@ - o Minor features (controller): - - Extend ORCONN controller event by ID parameter and add four new - controller event types CONN_BW, CIRC_BW, CELL_STATS, and TB_EMPTY - that shall help understand connection and circuit usage. The new - events are emitted in private Tor networks only. Implements - proposal 218. Resolves ticket #7359. - + o Major features (controller): + - Extend ORCONN controller event to include an "ID" parameter, + and add four new controller event types CONN_BW, CIRC_BW, + CELL_STATS, and TB_EMPTY that show connection and circuit usage. + The new events are emitted in private Tor networks only, with the + goal of being able to better track performance and load during + full-network simulations. Implements proposal 218. Resolves + ticket 7359. + diff --git a/changes/bug9162 b/changes/bug9162 dissimilarity index 92% index c1a247a97f..b5ac27f5b6 100644 --- a/changes/bug9162 +++ b/changes/bug9162 @@ -1,6 +1,8 @@ - o Minor bugfixes: - - Fix a get_configured_bridge_by_addr_port_digest() function so - that it would return a bridge with given address and port even - if bridge digest is not specified by caller. Fixes bug 9162; - bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987". - + o Minor bugfixes: + - Fix a bug where the first connection works to a bridge that uses a + pluggable transport with client-side parameters, but we don't send + the client-side parameters on subsequent connections. (We don't + use any pluggable transports with client-side parameters yet, + but ScrambleSuit will soon become the first one.) Fixes bug 9162; + bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987". + diff --git a/changes/bug9206 b/changes/bug9206 index 7acb366990..36167ffb2e 100644 --- a/changes/bug9206 +++ b/changes/bug9206 @@ -1,6 +1,6 @@ o Minor features (testing): + - When bootstrapping a test network, sometimes very few relays get + the Guard flag. Now a new option "TestingDirAuthVoteGuard" can + specify a set of relays which should be voted Guard regardless of + their uptime or bandwidth. Addresses ticket 9206. - - When bootstrapping a test network, few relays get the Guard - flag. There is now a new option, TestingDirAuthVoteGuard, which - can be used to specify a set of relays which should be voted - Guard regardless of uptime or bandwidth. Addresses ticket 9206. diff --git a/changes/bug9578 b/changes/bug9578 index 96d66fe1f7..5b502005ea 100644 --- a/changes/bug9578 +++ b/changes/bug9578 @@ -1,6 +1,7 @@ o Minor bugfixes: - - When a command-line option such as --version or --help that ordinarily - implies --hush appears on the command line along with --quiet, obey - --quiet. Previously, we obeyed --quiet only if it appeared later on the - command line. Fixes bug 9578; bugfix on 0.2.5.1-alpha. + - When a command-line option such as --version or --help that + ordinarily implies --hush appears on the command line along with + --quiet, then actually obey --quiet. Previously, we obeyed --quiet + only if it appeared later on the command line. Fixes bug 9578; + bugfix on 0.2.5.1-alpha. diff --git a/changes/bug9602 b/changes/bug9602 index 2dc13c4c02..86248ab4d5 100644 --- a/changes/bug9602 +++ b/changes/bug9602 @@ -1,5 +1,4 @@ - o Bugfixes - - Null out orconn->chan->conn when closing orconn in case orconn is freed - before channel_run_cleanup() gets to orconn->chan, and handle the null - conn edge case correctly in channel_tls_t methods. Fixes bug #9602; - bugfix on 0.2.4.4-alpha. + o Minor bugfixes: + - Avoid a segfault on SIGUSR1, where we had freed a connection but did + not entirely remove it from the connection lists. Fixes bug 9602; + bugfix on 0.2.4.4-alpha. diff --git a/changes/bug9651 b/changes/bug9651 index 453fe9a4a0..8933c20902 100644 --- a/changes/bug9651 +++ b/changes/bug9651 @@ -1,3 +1,5 @@ o Minor features: - - Warn when the Extended ORPort should be set, but it isn't. Resolves - ticket 9651. + - When ServerTransportPlugin is set on a bridge, Tor can write more + useful statistics about bridge use in its extrainfo descriptors, + but only if the Extended ORPort ("ExtORPort") is set too. Add a + log message to inform the user in this case. Resolves ticket 9651. diff --git a/changes/bug9859 b/changes/bug9859 index 54ca30e6f7..38a7ace65c 100644 --- a/changes/bug9859 +++ b/changes/bug9859 @@ -1,6 +1,10 @@ - o Minor Feature - - - Assign status flags to bridges based on thresholds calculated - over all bridges. Fixes bug 9859. + o Major features: + - The bridge directory authority now assigns status flags (Stable, + Guard, etc) to bridges based on thresholds calculated over all + Running bridges. Now bridgedb can finally make use of its features + to e.g. include at least one Stable bridge in its answers. Fixes + bug 9859. + o Minor features: - Add threshold cutoffs to the networkstatus document created by the Bridge Authority. Fixes bug 1117. + diff --git a/changes/bug9869 b/changes/bug9869 index d67156d384..42f8928819 100644 --- a/changes/bug9869 +++ b/changes/bug9869 @@ -1,7 +1,5 @@ o Minor features (build): - - - Assume that a user using configure --host wants to cross- - compile and error if we cannot find a properly named tool- - chain. Add --disable-tool-name-check to enable the user - to build nevertheless. Addresses ticket 9869. Patch by - Benedikt Gollatz. + - Assume that a user using ./configure --host wants to cross-compile, + and give an error if we cannot find a properly named + tool-chain. Add a --disable-tool-name-check option to proceed + nevertheless. Addresses ticket 9869. Patch by Benedikt Gollatz. diff --git a/changes/bug9926 b/changes/bug9926 index 51af5e088e..6d33ecb3d4 100644 --- a/changes/bug9926 +++ b/changes/bug9926 @@ -1,6 +1,6 @@ - o Minor bugfixes: + o Code simplification and refactoring: - Remove some old fallback code designed to keep Tor clients working - in a network with only two working nodes. Elsewhere in the code we + in a network with only two working relays. Elsewhere in the code we have long since stopped supporting such networks, so there wasn't - much point in keeping it around. Fixes bug 9926. + much point in keeping it around. Addresses ticket 9926. diff --git a/changes/bug9934 b/changes/bug9934 index 2a636dba83..31e6613dbb 100644 --- a/changes/bug9934 +++ b/changes/bug9934 @@ -1,4 +1,5 @@ o Minor features (controller): - - New DROPGUARDS command to forget all current entry guards. Not - recommended for ordinary use, since replacing guards too frequently - makes several attacks easier. Resolves ticket #9934; patch from "ra". + - New "DROPGUARDS" controller command to forget all current entry + guards. Not recommended for ordinary use, since replacing guards + too frequently makes several attacks easier. Resolves ticket 9934; + patch from "ra". diff --git a/changes/bug9948 b/changes/bug9948 index 6a673c0548..492744b2b9 100644 --- a/changes/bug9948 +++ b/changes/bug9948 @@ -1,6 +1,4 @@ o Minor features (build): - - - Check in configure whether we can link an executable when - stack protection is enabled so we can warn the user about a - potentially missing libssp. Addresses ticket 9948. Patch - from Benedikt Gollatz. + - If we run ./configure and the compiler recognizes -fstack-protector + but the linker rejects it, warn the user about a potentially missing + libssp package. Addresses ticket 9948. Patch from Benedikt Gollatz. diff --git a/changes/feature9777 b/changes/feature9777 index 312b5e034e..b9f111cdf8 100644 --- a/changes/feature9777 +++ b/changes/feature9777 @@ -1,3 +1,7 @@ - o Minor features: - - Avoid using circuit paths if no node in the path supports the ntor - circuit extension handshake. Implements ticket 9777. + o Major features: + - When we choose a path for a 3-hop circuit, make sure it contains + at least one relay that supports the NTor circuit extension + handshake. Otherwise, there is a chance that we're building + a circuit that's worth attacking by an adversary who finds + breaking 1024-bit crypto doable, and that chance changes the game + theory. Implements ticket 9777. diff --git a/changes/prop157-require b/changes/prop157-require index f04806ddd0..309d7f8a37 100644 --- a/changes/prop157-require +++ b/changes/prop157-require @@ -2,4 +2,4 @@ - Clients now reject any directory authority certificates lacking a dir-key-crosscert element. These have been included since 0.2.1.9-alpha, so there's no real reason for them to be optional - any longer. Completes proposal 157. + any longer. Completes proposal 157. Resolves ticket 10162. diff --git a/changes/prop221 b/changes/prop221 dissimilarity index 100% index b2bf44bc37..63ef763e9e 100644 --- a/changes/prop221 +++ b/changes/prop221 @@ -1,6 +1,7 @@ - o Minor features: - - Stop sending the CREATE_FAST cells by default; instead, use a - parameter in the consensus to decide whether to use - CREATE_FAST. This can improve security on connections where - Tor's circuit handshake is stronger than the available TLS - connection security levels. Implements proposal 221. + o Major features: + - Clients now look at the "usecreatefast" consensus parameter to + decide whether to use CREATE_FAST or CREATE cells for the first hop + of their circuit. This approach can improve security on connections + where Tor's circuit handshake is stronger than the available TLS + connection security levels, but the tradeoff is more computational + load on guard relays. Implements proposal 221. Resolves ticket 9386. diff --git a/changes/python-tests b/changes/python-tests index 4373e31e6a..8a5fcf5501 100644 --- a/changes/python-tests +++ b/changes/python-tests @@ -1,4 +1,4 @@ o Minor features: - - "make check" now runs extra tests beyond the unit test scripts if - Python is installed. + - If Python is installed, "make check" now runs extra tests beyond + the unit test scripts. diff --git a/changes/seccomp2-fixes b/changes/seccomp2-fixes index 600feecd11..e050565aaf 100644 --- a/changes/seccomp2-fixes +++ b/changes/seccomp2-fixes @@ -1,3 +1,4 @@ o Minor bugfixes: - Fix compilation warnings and startup issues when running with - libseccomp-2.1.0. Fixes bug 10563. + "Sandbox 1" and libseccomp-2.1.0. Fixes bug 10563; bugfix on + 0.2.5.1-alpha. diff --git a/changes/stack_trace b/changes/stack_trace index 2eaf15ec89..33dfcd3e85 100644 --- a/changes/stack_trace +++ b/changes/stack_trace @@ -4,5 +4,5 @@ Unix-like operating systems), Tor can now dump stack traces when a crash occurs or an assertion fails. By default, traces are dumped to stderr (if possible) and to any logs that are - reporting errors. + reporting errors. Implements ticket 9299. diff --git a/changes/ticket10060 b/changes/ticket10060 index 867c46436b..ff61c29398 100644 --- a/changes/ticket10060 +++ b/changes/ticket10060 @@ -1,5 +1,5 @@ o Minor features: - - Adding --allow-missing-torrc commandline option that allows Tor to - run if configuration file specified by -f is not available. + - Add an --allow-missing-torrc commandline option that tells Tor to + run even if the configuration file specified by -f is not available. Implements ticket 10060. diff --git a/changes/ticket8510 b/changes/ticket8510 index c79129ac69..0cd7a8c722 100644 --- a/changes/ticket8510 +++ b/changes/ticket8510 @@ -1,4 +1,3 @@ o Minor features: - - Implement the HS_DESC async control event that notifies controller on - activities related to hidden service descriptors. Partly resolves - ticket 8510. + - Add a new "HS_DESC" controller event that reports activities + related to hidden service descriptors. Resolves ticket 8510. diff --git a/changes/ticket9839 b/changes/ticket9839 index a71c231042..e85c280a7b 100644 --- a/changes/ticket9839 +++ b/changes/ticket9839 @@ -1,3 +1,3 @@ o Documentation: - - Update manpage to describe some of the files one could find - in data directory. Fixes bug 9839. + - Update manpage to describe some of the files you can expect to + find in Tor's DataDirectory. Addresses ticket 9839. -- 2.11.4.GIT