[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r17207: {tor} minor changelog cleanups. declare that friday is when we rel (tor/trunk)
Author: arma
Date: 2008-11-07 00:11:41 -0500 (Fri, 07 Nov 2008)
New Revision: 17207
Modified:
tor/trunk/ChangeLog
Log:
minor changelog cleanups. declare that friday is when we release it.
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2008-11-07 04:38:58 UTC (rev 17206)
+++ tor/trunk/ChangeLog 2008-11-07 05:11:41 UTC (rev 17207)
@@ -1,4 +1,4 @@
-Changes in version 0.2.1.7-alpha - 2008-11-xx
+Changes in version 0.2.1.7-alpha - 2008-11-07
o Security fixes:
- The "ClientDNSRejectInternalAddresses" config option wasn't being
consistently obeyed: if an exit relay refuses a stream because its
@@ -6,26 +6,26 @@
the relay said the destination address resolves to, even if it's
an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
- The "User" and "Group" config options did not clear the
- supplementary group entries for the process. The "User" option
- has been made more robust, and also now also sets the groups to
- the specified user's primary group. The "Group" option is now
- ignored. For more detailed logging on credential switching, set
- CREDENTIAL_LOG_LEVEL in common/compat.c to LOG_NOTICE or higher;
- patch by Jacob Appelbaum and Steven Murdoch.
+ supplementary group entries for the Tor process. The "User" option
+ is now more robust, and we now set the groups to the specified
+ user's primary group. The "Group" option is now ignored. For more
+ detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
+ in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
+ and Steven Murdoch.
o Minor features:
- Now NodeFamily and MyFamily config options allow spaces in
identity fingerprints, so it's easier to paste them in.
Suggested by Lucky Green.
+ - Implement the 0x20 hack to better resist DNS poisoning: set the
+ case on outgoing DNS requests randomly, and reject responses that do
+ not match the case correctly. This logic can be disabled with the
+ ServerDNSRamdomizeCase setting, if you are using one of the 0.3%
+ of servers that do not reliably preserve case in replies. See
+ "Increased DNS Forgery Resistance through 0x20-Bit Encoding"
+ for more info.
- Preserve case in replies to DNSPort requests in order to support
the 0x20 hack for resisting DNS poisoning attacks.
- - Implement the 0x20 hack to better resist DNS poisoning: set the
- case on outgoing DNS requests randomly, and reject responses
- that do not match the case correctly. This logic can be
- disabled with the ServerDNSRamdomizeCase setting, if you are
- using one of the 0.3% of servers that do not reliably preserve
- case in replies. See "Increased DNS Forgery Resistance through
- 0x20-Bit Encoding" for more info.
o Hidden service performance improvements:
- When the client launches an introduction circuit, retry with a
@@ -45,20 +45,20 @@
no pending streams, choose a good general exit rather than one that
supports "all the pending streams". Bugfix on 0.1.1.x. Fix by rovv.
- Send a valid END cell back when a client tries to connect to a
- nonexistent hidden service port. Bugfix on 0.1.2.15. Fixes bug
- 840. Patch from rovv.
+ nonexistent hidden service port. Bugfix on 0.1.2.15. Fixes bug
+ 840. Patch from rovv.
- If a broken client asks a non-exit router to connect somewhere,
do not even do the DNS lookup before rejecting the connection.
- Fixes another case of bug 619. Patch from rovv.
+ Fixes another case of bug 619. Patch from rovv.
- Fix another case of assuming, when a specific exit is requested,
that we know more than the user about what hosts it allows.
- Fixes another case of bug 752. Patch from rovv.
+ Fixes another case of bug 752. Patch from rovv.
- Check which hops rendezvous stream cells are associated with to
prevent possible guess-the-streamid injection attacks from
- intermediate hops. Fixes another case of bug 446. Based on patch
+ intermediate hops. Fixes another case of bug 446. Based on patch
from rovv.
- Avoid using a negative right-shift when comparing 32-bit
- addresses. Possible fix for bug 845 and bug 811.
+ addresses. Possible fix for bug 845 and bug 811.
- Make the assert_circuit_ok() function work correctly on circuits that
have already been marked for close.
- Fix read-off-the-end-of-string error in unit tests when decoding
@@ -138,7 +138,7 @@
- Add a -p option to tor-resolve for specifying the SOCKS port: some
people find host:port too confusing.
- Make TrackHostExit mappings expire a while after their last use, not
- after their creation. Patch from Robert Hogan.
+ after their creation. Patch from Robert Hogan.
- Provide circuit purposes along with circuit events to the controller.
o Minor bugfixes: