From: Roger Dingledine Date: Mon, 22 Feb 2010 05:24:33 +0000 (-0500) Subject: Merge branch 'maint-0.2.1' into new X-Git-Tag: tor-0.2.2.9-alpha~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb842c0022bb68438cd94cde6e4ab4143380d309;p=thirdparty%2Ftor.git Merge branch 'maint-0.2.1' into new Conflicts: ChangeLog configure.in contrib/tor-mingw.nsi.in src/win32/orconfig.h --- eb842c0022bb68438cd94cde6e4ab4143380d309 diff --cc ChangeLog index f8ab511ecc,224b08e99d..2e75fc24b6 --- a/ChangeLog +++ b/ChangeLog @@@ -1,94 -1,11 +1,83 @@@ +Changes in version 0.2.2.9-alpha - 2010-02-22 + o Directory authority changes: + - Change IP address for dannenberg (v3 directory authority), and + remove moria2 (obsolete v1, v2 directory authority and v0 hidden + service directory authority) from the list. + + o Major bugfixes: + - Make Tor work again on the latest OS X: when deciding whether to + use strange flags to turn TLS renegotiation on, detect the OpenSSL + version at run-time, not compile time. We need to do this because + Apple doesn't update its dev-tools headers when it updates its + libraries in a security patch. + - Fix a potential buffer overflow in lookup_last_hid_serv_request() + that could happen on 32-bit platforms with 64-bit time_t. Also fix + a memory leak when requesting a hidden service descriptor we've + requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found + by aakova. + - Authorities could be tricked into giving out the Exit flag to relays + that didn't allow exiting to any ports. This bug could screw + with load balancing and stats. Bugfix on 0.1.1.6-alpha; fixes bug + 1238. Bug discovered by Martin Kowalczyk. + + o Minor bugfixes: + - Fix static compilation by listing the openssl libraries in the right + order. Bugfix on Tor 0.2.2.8-alpha; fixes bug 1237. + - Resume handling .exit hostnames in a special way: originally we + stripped the .exit part and used the requested exit relay. In + 0.2.2.1-alpha we stopped treating them in any special way, meaning + if you use a .exit address then Tor will pass it on to the exit + relay. Now we reject the .exit stream outright, since that behavior + might be more expected by the user. Found and diagnosed by Scott + Bennett and Downie on or-talk. + - Don't spam the controller with events when we have no file + descriptors available. Bugfix on 0.2.1.5-alpha. (Rate-limiting + for log messages was already solved from bug 748.) + - Avoid a bogus overlapped memcpy in tor_addr_copy(). Reported by + "memcpyfail". + - Make the DNSPort option work with libevent 2.x. Don't alter the + behaviour for libevent 1.x. Fixes bug 1143. Found by SwissTorExit. + - Emit a GUARD DROPPED controller event for a case we missed. + - Make more fields in the controller protocol case-insensitive, since + control-spec.txt said they were. + - Refactor resolve_my_address() to not use gethostbyname() anymore. + Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik. + + o Code simplifications and refactoring: + - Generate our manpage and HTML documentation using Asciidoc. This + change should make it easier to maintain the documentation, and + produce nicer HTML. + - Remove the --enable-iphone option. According to reports from Marco + Bonetti, Tor builds fine without any special tweaking on recent + iPhone SDK versions. + - Removed some unnecessary files from the source distribution. The + AUTHORS file has now been merged into the people page on the + website. The roadmaps and design doc can now be found in the + projects directory in svn. + - Enabled various circuit build timeout constants to be controlled + by consensus parameters. Also set better defaults for these + parameters based on experimentation on broadband and simulated + high latency links. + + o Minor features: + - The 'EXTENDCIRCUIT' control port command can now be used with + a circ id of 0 and no path. This feature will cause Tor to build + a new 'fast' general purpose circuit using its own path selection + algorithms. + - Added a BUILDTIMEOUT_SET controller event to describe changes + to the circuit build timeout. + - Future-proof the controller protocol a bit by ignoring keyword + arguments we do not recognize. + + - Changes in version 0.2.2.8-alpha - 2010-01-26 - o Major bugfixes: - - Fix a memory corruption bug on bridges that occured during the - inclusion of stats data in extra-info descriptors. Also fix the - interface for geoip_get_bridge_stats* to prevent similar bugs in - the future. Diagnosis by Tas, patch by Karsten and Sebastian. - Fixes bug 1208; bugfix on 0.2.2.7-alpha. + Changes in version 0.2.1.24 - 2010-02-21 + Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time + for sure! - o Minor bugfixes: - - Ignore OutboundBindAddress when connecting to localhost. - Connections to localhost need to come _from_ localhost, or else - local servers (like DNS and outgoing HTTP/SOCKS proxies) will often - refuse to listen. - - - Changes in version 0.2.1.24 - 2010-??-?? o Minor bugfixes: - Work correctly out-of-the-box with even more vendor-patched versions - of OpenSSL. + of OpenSSL. In particular, make it so Debian and OS X don't need + customized patches to run/build. Changes in version 0.2.1.23 - 2010-02-13 @@@ -134,135 -51,6 +123,150 @@@ over the behavior introduced in 0.1.2.17. ++Changes in version 0.2.2.8-alpha - 2010-01-26 ++ o Major bugfixes: ++ - Fix a memory corruption bug on bridges that occured during the ++ inclusion of stats data in extra-info descriptors. Also fix the ++ interface for geoip_get_bridge_stats* to prevent similar bugs in ++ the future. Diagnosis by Tas, patch by Karsten and Sebastian. ++ Fixes bug 1208; bugfix on 0.2.2.7-alpha. ++ ++ o Minor bugfixes: ++ - Ignore OutboundBindAddress when connecting to localhost. ++ Connections to localhost need to come _from_ localhost, or else ++ local servers (like DNS and outgoing HTTP/SOCKS proxies) will often ++ refuse to listen. ++ ++ +Changes in version 0.2.2.7-alpha - 2010-01-19 + Tor 0.2.2.7-alpha fixes a huge client-side performance bug, as well + as laying the groundwork for further relay-side performance fixes. It + also starts cleaning up client behavior with respect to the EntryNodes, + ExitNodes, and StrictNodes config options. + + This release also rotates two directory authority keys, due to a + security breach of some of the Torproject servers. + + o Directory authority changes: + - Rotate keys (both v3 identity and relay identity) for moria1 + and gabelmoo. + + o Major features (performance): + - We were selecting our guards uniformly at random, and then weighting + which of our guards we'd use uniformly at random. This imbalance + meant that Tor clients were severely limited on throughput (and + probably latency too) by the first hop in their circuit. Now we + select guards weighted by currently advertised bandwidth. We also + automatically discard guards picked using the old algorithm. Fixes + bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry. + - When choosing which cells to relay first, relays can now favor + circuits that have been quiet recently, to provide lower latency + for low-volume circuits. By default, relays enable or disable this + feature based on a setting in the consensus. You can override + this default by using the new "CircuitPriorityHalflife" config + option. Design and code by Ian Goldberg, Can Tang, and Chris + Alexander. + - Add separate per-conn write limiting to go with the per-conn read + limiting. We added a global write limit in Tor 0.1.2.5-alpha, + but never per-conn write limits. + - New consensus params "bwconnrate" and "bwconnburst" to let us + rate-limit client connections as they enter the network. It's + controlled in the consensus so we can turn it on and off for + experiments. It's starting out off. Based on proposal 163. + + o Major features (relay selection options): + - Switch to a StrictNodes config option, rather than the previous + "StrictEntryNodes" / "StrictExitNodes" separation that was missing a + "StrictExcludeNodes" option. + - If EntryNodes, ExitNodes, ExcludeNodes, or ExcludeExitNodes + change during a config reload, mark and discard all our origin + circuits. This fix should address edge cases where we change the + config options and but then choose a circuit that we created before + the change. + - If EntryNodes or ExitNodes are set, be more willing to use an + unsuitable (e.g. slow or unstable) circuit. The user asked for it, + they get it. + - Make EntryNodes config option much more aggressive even when + StrictNodes is not set. Before it would prepend your requested + entrynodes to your list of guard nodes, but feel free to use others + after that. Now it chooses only from your EntryNodes if any of + those are available, and only falls back to others if a) they're + all down and b) StrictNodes is not set. + - Now we refresh your entry guards from EntryNodes at each consensus + fetch -- rather than just at startup and then they slowly rot as + the network changes. + + o Major bugfixes: + - Stop bridge directory authorities from answering dbg-stability.txt + directory queries, which would let people fetch a list of all + bridge identities they track. Bugfix on 0.2.1.6-alpha. + + o Minor features: + - Log a notice when we get a new control connection. Now it's easier + for security-conscious users to recognize when a local application + is knocking on their controller door. Suggested by bug 1196. + - New config option "CircuitStreamTimeout" to override our internal + timeout schedule for how many seconds until we detach a stream from + a circuit and try a new circuit. If your network is particularly + slow, you might want to set this to a number like 60. + - New controller command "getinfo config-text". It returns the + contents that Tor would write if you send it a SAVECONF command, + so the controller can write the file to disk itself. + - New options for SafeLogging to allow scrubbing only log messages + generated while acting as a relay. + - Ship the bridges spec file in the tarball too. + - Avoid a mad rush at the beginning of each month when each client + rotates half of its guards. Instead we spread the rotation out + throughout the month, but we still avoid leaving a precise timestamp + in the state file about when we first picked the guard. Improves + over the behavior introduced in 0.1.2.17. + + o Minor bugfixes (compiling): + - Fix compilation on OS X 10.3, which has a stub mlockall() but + hides it. Bugfix on 0.2.2.6-alpha. + - Fix compilation on Solaris by removing support for the + DisableAllSwap config option. Solaris doesn't have an rlimit for + mlockall, so we cannot use it safely. Fixes bug 1198; bugfix on + 0.2.2.6-alpha. + + o Minor bugfixes (crashes): + - Do not segfault when writing buffer stats when we haven't observed + a single circuit to report about. Found by Fabian Lanze. Bugfix on + 0.2.2.1-alpha. + - If we're in the pathological case where there's no exit bandwidth + but there is non-exit bandwidth, or no guard bandwidth but there + is non-guard bandwidth, don't crash during path selection. Bugfix + on 0.2.0.3-alpha. + - Fix an impossible-to-actually-trigger buffer overflow in relay + descriptor generation. Bugfix on 0.1.0.15. + + o Minor bugfixes (privacy): + - Fix an instance where a Tor directory mirror might accidentally + log the IP address of a misbehaving Tor client. Bugfix on + 0.1.0.1-rc. + - Don't list Windows capabilities in relay descriptors. We never made + use of them, and maybe it's a bad idea to publish them. Bugfix + on 0.1.1.8-alpha. + + o Minor bugfixes (other): + - Resolve an edge case in path weighting that could make us misweight + our relay selection. Fixes bug 1203; bugfix on 0.0.8rc1. + - Fix statistics on client numbers by country as seen by bridges that + were broken in 0.2.2.1-alpha. Also switch to reporting full 24-hour + intervals instead of variable 12-to-48-hour intervals. + - After we free an internal connection structure, overwrite it + with a different memory value than we use for overwriting a freed + internal circuit structure. Should help with debugging. Suggested + by bug 1055. + - Update our OpenSSL 0.9.8l fix so that it works with OpenSSL 0.9.8m + too. + + o Removed features: + - Remove the HSAuthorityRecordStats option that version 0 hidden + service authorities could have used to track statistics of overall + hidden service usage. + + Changes in version 0.2.1.22 - 2010-01-19 Tor 0.2.1.22 fixes a critical privacy problem in bridge directory authorities -- it would tell you its whole history of bridge descriptors