- Changes in Version 0.2.1.21 - 20??-??-??
+Changes in version 0.2.2.7-alpha - 2010-01-??
+ o Major features (performance):
+ - When choosing which cells to relay first, we can now favor circuits
+ that have been quiet recently, so as to get lower latency for
+ low-volume circuits. By default, relays enable or disable this
+ feature based on a setting in the consensus. Preliminary testing
+ suggests that this should make the network feel faster as more relays
+ use it. You can override this default by using the new
+ "CircuitPriorityHalflife" config option. Design and code by Ian
+ Goldberg, Can Tang, and Chris Alexander.
+ - Add separate per-conn write limiting to go with the per-conn read
+ limiting. We added a global write limit in Tor 0.1.2.5-alpha,
+ but never per-conn write limits.
+ - New consensus params "bwconnrate" and "bwconnburst" to let us
+ rate-limit client connections as they enter the network. It's
+ controlled in the consensus so we can turn it on and off for
+ experiments. It's starting out off. Based on proposal 163.
+
+ o Major features (relay selection):
+ - Switch to a StrictNodes config option, rather than the previous
+ "StrictEntryNodes" / "StrictExitNodes" separation that was missing a
+ "StrictExcludeNodes" option.
+ - If EntryNodes, ExitNodes, ExcludeNodes, or ExcludeExitNodes
+ change during a config reload, mark and discard all our origin
+ circuits. This fix should address edge cases where we change the
+ config options and but then choose a circuit that we created before
+ the change.
+ - If EntryNodes or ExitNodes are set, be more willing to use an
+ unsuitable (e.g. slow or unstable) circuit. The user asked for it,
+ they get it.
+ - Make EntryNodes config option much more aggressive even when
+ StrictNodes is not set. Before it would prepend your requested
+ entrynodes to your list of guard nodes, but feel free to use others
+ after that. Now it chooses only from your EntryNodes if any of
+ those are available, and only falls back to others if a) they're
+ all down and b) StrictNodes is not set.
+ - Now we refresh your entry guards from EntryNodes at each consensus
+ fetch -- rather than just at startup and then they slowly rot as
+ the network changes.
+
+ o Minor features:
+ - New config option "CircuitStreamTimeout" to override our internal
+ timeout schedule for how many seconds until we detach a stream from
+ a circuit and try a new circuit. If your network is particularly
+ slow, you might want to set this to a number like 60.
+ - New controller command "getinfo config-text". It returns the
+ contents that Tor would write if you send it a SAVECONF command,
+ so the controller can write the file to disk itself.
+ - New options for SafeLogging to allow scrubbing only log messages
+ generated while acting as a relay.
+
+ o Minor bugfixes:
+ - Fix compilation on OSX 10.3, which has a stub mlockall() but
+ hides it. Bugfix on 0.2.2.6-alpha.
+ - After we free an internal connection structure, overwrite it
+ with a different memory value than we use for overwriting a freed
+ internal circuit structure. Should help with debugging. Suggested
+ by bug 1055.
+ - Fix an instance where a Tor directory mirror might accidentally
+ log the IP address of a misbehaving Tor client. Bugfix on
+ 0.1.0.1-rc.
+ - Update our OpenSSL 0.9.8l fix so that it works with OpenSSL 0.9.8m
+ too.
+ - Do not segfault when writing buffer stats when we haven't observed
+ a single circuit to report about. Found by Fabian Lanze. Bugfix on
+ 0.2.2.1-alpha.
+ - Fix statistics on client numbers by country as seen by bridges that
+ were broken in 0.2.2.1-alpha. Also switch to reporting full 24-hour
+ intervals instead of variable 12-to-48-hour intervals.
+ - If we're in the pathological case where there's no exit bandwidth
+ but there is non-exit bandwidth, or no guard bandwidth but there
+ is non-guard bandwidth, don't crash during path selection. Bugfix
+ on 0.2.0.3-alpha.
+
+ o Removed features:
+ - Remove the HSAuthorityRecordStats option that version 0 hidden
+ service authorities could have used to track statistics of overall
+ hidden service usage.
+
+
+Changes in version 0.2.2.6-alpha - 2009-11-19
+ o Major features:
+ - Directory authorities can now create, vote on, and serve multiple
+ parallel formats of directory data as part of their voting process.
+ Partially implements Proposal 162: "Publish the consensus in
+ multiple flavors".
+ - Directory authorities can now agree on and publish small summaries
+ of router information that clients can use in place of regular
+ server descriptors. This transition will eventually allow clients
+ to use far less bandwidth for downloading information about the
+ network. Begins the implementation of Proposal 158: "Clients
+ download consensus + microdescriptors".
+ - The directory voting system is now extensible to use multiple hash
+ algorithms for signatures and resource selection. Newer formats
+ are signed with SHA256, with a possibility for moving to a better
+ hash algorithm in the future.
+ - New DisableAllSwap option. If set to 1, Tor will attempt to lock all
+ current and future memory pages via mlockall(). On supported
+ platforms (modern Linux and probably BSD but not Windows or OS X),
+ this should effectively disable any and all attempts to page out
+ memory. This option requires that you start your Tor as root --
+ if you use DisableAllSwap, please consider using the User option
+ to properly reduce the privileges of your Tor.
+ - Numerous changes, bugfixes, and workarounds from Nathan Freitas
+ to help Tor build correctly for Android phones.
+
+ o Major bugfixes:
+ - Work around a security feature in OpenSSL 0.9.8l that prevents our
+ handshake from working unless we explicitly tell OpenSSL that we
+ are using SSL renegotiation safely. We are, but OpenSSL 0.9.8l
+ won't work unless we say we are.
+
+ o Minor bugfixes:
+ - Fix a crash bug when trying to initialize the evdns module in
+ Libevent 2. Bugfix on 0.2.1.16-rc.
+ - Stop logging at severity 'warn' when some other Tor client tries
+ to establish a circuit with us using weak DH keys. It's a protocol
+ violation, but that doesn't mean ordinary users need to hear about
+ it. Fixes the bug part of bug 1114. Bugfix on 0.1.0.13.
+ - Do not refuse to learn about authority certs and v2 networkstatus
+ documents that are older than the latest consensus. This bug might
+ have degraded client bootstrapping. Bugfix on 0.2.0.10-alpha.
+ Spotted and fixed by xmux.
+ - Fix numerous small code-flaws found by Coverity Scan Rung 3.
+ - If all authorities restart at once right before a consensus vote,
+ nobody will vote about "Running", and clients will get a consensus
+ with no usable relays. Instead, authorities refuse to build a
+ consensus if this happens. Bugfix on 0.2.0.10-alpha; fixes bug 1066.
+ - If your relay can't keep up with the number of incoming create
+ cells, it would log one warning per failure into your logs. Limit
+ warnings to 1 per minute. Bugfix on 0.0.2pre10; fixes bug 1042.
+ - Bridges now use "reject *:*" as their default exit policy. Bugfix
+ on 0.2.0.3-alpha; fixes bug 1113.
+ - Fix a memory leak on directory authorities during voting that was
+ introduced in 0.2.2.1-alpha. Found via valgrind.
+
+
+Changes in version 0.2.2.5-alpha - 2009-10-11
+ Tor 0.2.2.5-alpha fixes a few compile problems in 0.2.2.4-alpha.
+
+ o Major bugfixes:
+ - Make the tarball compile again. Oops. Bugfix on 0.2.2.4-alpha.
+
+ o New directory authorities:
+ - Move dizum to an alternate IP address.
+
+
+Changes in version 0.2.2.4-alpha - 2009-10-10
+ Tor 0.2.2.4-alpha fixes more crash bugs in 0.2.2.2-alpha. It also
+ introduces a new unit test framework, shifts directry authority
+ addresses around to reduce the impact from recent blocking events,
+ and fixes a few smaller bugs.
+
+ o Major bugfixes:
+ - Fix several more asserts in the circuit_build_times code, for
+ example one that causes Tor to fail to start once we have
+ accumulated 5000 build times in the state file. Bugfixes on
+ 0.2.2.2-alpha; fixes bug 1108.
+
+ o New directory authorities:
+ - Move moria1 and Tonga to alternate IP addresses.
+
+ o Minor features:
+ - Log SSL state transitions at debug level during handshake, and
+ include SSL states in error messages. This may help debug future
+ SSL handshake issues.
+ - Add a new "Handshake" log domain for activities that happen
+ during the TLS handshake.
+ - Revert to the "June 3 2009" ip-to-country file. The September one
+ seems to have removed most US IP addresses.
+ - Directory authorities now reject Tor relays with versions less than
+ 0.1.2.14. This step cuts out four relays from the current network,
+ none of which are very big.
+
+ o Minor bugfixes:
+ - Fix a couple of smaller issues with gathering statistics. Bugfixes
+ on 0.2.2.1-alpha.
+ - Fix two memory leaks in the error case of
+ circuit_build_times_parse_state(). Bugfix on 0.2.2.2-alpha.
+ - Don't count one-hop circuits when we're estimating how long it
+ takes circuits to build on average. Otherwise we'll set our circuit
+ build timeout lower than we should. Bugfix on 0.2.2.2-alpha.
+ - Directory authorities no longer change their opinion of, or vote on,
+ whether a router is Running, unless they have themselves been
+ online long enough to have some idea. Bugfix on 0.2.0.6-alpha.
+ Fixes bug 1023.
+
+ o Code simplifications and refactoring:
+ - Revise our unit tests to use the "tinytest" framework, so we
+ can run tests in their own processes, have smarter setup/teardown
+ code, and so on. The unit test code has moved to its own
+ subdirectory, and has been split into multiple modules.
+
+
+Changes in version 0.2.2.3-alpha - 2009-09-23
+ Tor 0.2.2.3-alpha fixes a few crash bugs in 0.2.2.2-alpha.
+
+ o Major bugfixes:
+ - Fix an overzealous assert in our new circuit build timeout code.
+ Bugfix on 0.2.2.2-alpha; fixes bug 1103.
+
+ o Minor bugfixes:
+ - If the networkstatus consensus tells us that we should use a
+ negative circuit package window, ignore it. Otherwise we'll
+ believe it and then trigger an assert. Bugfix on 0.2.2.2-alpha.
+
+
+Changes in version 0.2.2.2-alpha - 2009-09-21
+ Tor 0.2.2.2-alpha introduces our latest performance improvement for
+ clients: Tor tracks the average time it takes to build a circuit, and
+ avoids using circuits that take too long to build. For fast connections,
+ this feature can cut your expected latency in half. For slow or flaky
+ connections, it could ruin your Tor experience. Let us know if it does!
+
+ o Major features:
+ - Tor now tracks how long it takes to build client-side circuits
+ over time, and adapts its timeout to local network performance.
+ Since a circuit that takes a long time to build will also provide
+ bad performance, we get significant latency improvements by
+ discarding the slowest 20% of circuits. Specifically, Tor creates
+ circuits more aggressively than usual until it has enough data
+ points for a good timeout estimate. Implements proposal 151.
+ We are especially looking for reports (good and bad) from users with
+ both EDGE and broadband connections that can move from broadband
+ to EDGE and find out if the build-time data in the .tor/state gets
+ reset without loss of Tor usability. You should also see a notice
+ log message telling you that Tor has reset its timeout.
+ - Directory authorities can now vote on arbitary integer values as
+ part of the consensus process. This is designed to help set
+ network-wide parameters. Implements proposal 167.
+ - Tor now reads the "circwindow" parameter out of the consensus,
+ and uses that value for its circuit package window rather than the
+ default of 1000 cells. Begins the implementation of proposal 168.
+
+ o Major bugfixes:
+ - Fix a remotely triggerable memory leak when a consensus document
+ contains more than one signature from the same voter. Bugfix on
+ 0.2.0.3-alpha.
+
+ o Minor bugfixes:
+ - Fix an extremely rare infinite recursion bug that could occur if
+ we tried to log a message after shutting down the log subsystem.
+ Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
+ - Fix parsing for memory or time units given without a space between
+ the number and the unit. Bugfix on 0.2.2.1-alpha; fixes bug 1076.
+ - A networkstatus vote must contain exactly one signature. Spec
+ conformance issue. Bugfix on 0.2.0.3-alpha.
+ - Fix an obscure bug where hidden services on 64-bit big-endian
+ systems might mis-read the timestamp in v3 introduce cells, and
+ refuse to connect back to the client. Discovered by "rotor".
+ Bugfix on 0.2.1.6-alpha.
+ - We were triggering a CLOCK_SKEW controller status event whenever
+ we connect via the v2 connection protocol to any relay that has
+ a wrong clock. Instead, we should only inform the controller when
+ it's a trusted authority that claims our clock is wrong. Bugfix
+ on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
+ - We were telling the controller about CHECKING_REACHABILITY and
+ REACHABILITY_FAILED status events whenever we launch a testing
+ circuit or notice that one has failed. Instead, only tell the
+ controller when we want to inform the user of overall success or
+ overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
+ by SwissTorExit.
+ - Don't warn when we're using a circuit that ends with a node
+ excluded in ExcludeExitNodes, but the circuit is not used to access
+ the outside world. This should help fix bug 1090, but more problems
+ remain. Bugfix on 0.2.1.6-alpha.
+ - Work around a small memory leak in some versions of OpenSSL that
+ stopped the memory used by the hostname TLS extension from being
+ freed.
+ - Make our 'torify' script more portable; if we have only one of
+ 'torsocks' or 'tsocks' installed, don't complain to the user;
+ and explain our warning about tsocks better.
+
+ o Minor features:
+ - Add a "getinfo status/accepted-server-descriptor" controller
+ command, which is the recommended way for controllers to learn
+ whether our server descriptor has been successfully received by at
+ least on directory authority. Un-recommend good-server-descriptor
+ getinfo and status events until we have a better design for them.
+ - Update to the "September 4 2009" ip-to-country file.
+
+
+Changes in version 0.2.2.1-alpha - 2009-08-26
+ Tor 0.2.2.1-alpha disables ".exit" address notation by default, allows
+ Tor clients to bootstrap on networks where only port 80 is reachable,
+ makes it more straightforward to support hardware crypto accelerators,
+ and starts the groundwork for gathering stats safely at relays.
+
+ o Security fixes:
+ - Start the process of disabling ".exit" address notation, since it
+ can be used for a variety of esoteric application-level attacks
+ on users. To reenable it, set "AllowDotExit 1" in your torrc. Fix
+ on 0.0.9rc5.
+
+ o New directory authorities:
+ - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
+ authority.
+
+ o Major features:
+ - New AccelName and AccelDir options add support for dynamic OpenSSL
+ hardware crypto acceleration engines.
+ - Tor now supports tunneling all of its outgoing connections over
+ a SOCKS proxy, using the SOCKS4Proxy and/or SOCKS5Proxy
+ configuration options. Code by Christopher Davis.
+
+ o Major bugfixes:
+ - Send circuit or stream sendme cells when our window has decreased
+ by 100 cells, not when it has decreased by 101 cells. Bug uncovered
+ by Karsten when testing the "reduce circuit window" performance
+ patch. Bugfix on the 54th commit on Tor -- from July 2002,
+ before the release of Tor 0.0.0. This is the new winner of the
+ oldest-bug prize.
+
+ o New options for gathering stats safely:
+ - Directories that set "DirReqStatistics 1" write statistics on
+ directory request to disk every 24 hours. As compared to the
+ --enable-geoip-stats flag in 0.2.1.x, there are a few improvements:
+ 1) stats are written to disk exactly every 24 hours; 2) estimated
+ shares of v2 and v3 requests are determined as mean values, not at
+ the end of a measurement period; 3) unresolved requests are listed
+ with country code '??'; 4) directories also measure download times.
+ - Exit nodes that set "ExitPortStatistics 1" write statistics on the
+ number of exit streams and transferred bytes per port to disk every
+ 24 hours.
+ - Relays that set "CellStatistics 1" write statistics on how long
+ cells spend in their circuit queues to disk every 24 hours.
+ - Entry nodes that set "EntryStatistics 1" write statistics on the
+ rough number and origins of connecting clients to disk every 24
+ hours.
+ - Relays that write any of the above statistics to disk and set
+ "ExtraInfoStatistics 1" include the past 24 hours of statistics in
+ their extra-info documents.
+
+ o Minor features:
+ - New --digests command-line switch to output the digests of the
+ source files Tor was built with.
+ - The "torify" script now uses torsocks where available.
+ - The memarea code now uses a sentinel value at the end of each area
+ to make sure nothing writes beyond the end of an area. This might
+ help debug some conceivable causes of bug 930.
+ - Time and memory units in the configuration file can now be set to
+ fractional units. For example, "2.5 GB" is now a valid value for
+ AccountingMax.
+ - Certain Tor clients (such as those behind check.torproject.org) may
+ want to fetch the consensus in an extra early manner. To enable this
+ a user may now set FetchDirInfoExtraEarly to 1. This also depends on
+ setting FetchDirInfoEarly to 1. Previous behavior will stay the same
+ as only certain clients who must have this information sooner should
+ set this option.
+ - Instead of adding the svn revision to the Tor version string, report
+ the git commit (when we're building from a git checkout).
+
+ o Minor bugfixes:
+ - If any the v3 certs we download are unparseable, we should actually
+ notice the failure so we don't retry indefinitely. Bugfix on
+ 0.2.0.x; reported by "rotator".
+ - If the cached cert file is unparseable, warn but don't exit.
+ - Fix possible segmentation fault on directory authorities. Bugfix on
+ 0.2.1.14-rc.
+ - When Tor fails to parse a descriptor of any kind, dump it to disk.
+ Might help diagnosing bug 1051.
+
+ o Deprecated and removed features:
+ - The controller no longer accepts the old obsolete "addr-mappings/"
+ or "unregistered-servers-" GETINFO values.
+ - Hidden services no longer publish version 0 descriptors, and clients
+ do not request or use version 0 descriptors. However, the old hidden
+ service authorities still accept and serve version 0 descriptors
+ when contacted by older hidden services/clients.
+ - The EXTENDED_EVENTS and VERBOSE_NAMES controller features are now
+ always on; using them is necessary for correct forward-compatible
+ controllers.
+ - Remove support for .noconnect style addresses. Nobody was using
+ them, and they provided another avenue for detecting Tor users
+ via application-level web tricks.
+
+ o Packaging changes:
+ - Upgrade Vidalia from 0.1.15 to 0.2.3 in the Windows and OS X
+ installer bundles. See
+ https://trac.vidalia-project.net/browser/vidalia/tags/vidalia-0.2.3/CHANGELOG
+ for details of what's new in Vidalia 0.2.3.
+ - Windows Vidalia Bundle: update Privoxy from 3.0.6 to 3.0.14-beta.
+ - OS X Vidalia Bundle: move to Polipo 1.0.4 with Tor specific
+ configuration file, rather than the old Privoxy.
+ - OS X Vidalia Bundle: Vidalia, Tor, and Polipo are compiled as
+ x86-only for better compatibility with OS X 10.6, aka Snow Leopard.
+ - OS X Tor Expert Bundle: Tor is compiled as x86-only for
+ better compatibility with OS X 10.6, aka Snow Leopard.
+ - OS X Vidalia Bundle: The multi-package installer is now replaced
+ by a simple drag and drop to the /Applications folder. This change
+ occurred with the upgrade to Vidalia 0.2.3.
+
+
+ Changes in version 0.2.1.21 - 2009-12-21
+ Tor 0.2.1.21 fixes an incompatibility with the most recent OpenSSL
+ library. If you use Tor on Linux / Unix and you're getting SSL
+ renegotiation errors, upgrading should help. We also recommend an
+ upgrade if you're an exit relay.
+
o Major bugfixes:
- Work around a security feature in OpenSSL 0.9.8l that prevents our
- handshake from working unless we explicitly tell OpenSSL that we are
- using SSL renegotiation safely. We are, of course, but OpenSSL
+ handshake from working unless we explicitly tell OpenSSL that we
+ are using SSL renegotiation safely. We are, of course, but OpenSSL
0.9.8l won't work unless we say we are.
- Avoid crashing if the client is trying to upload many bytes and the
circuit gets torn down at the same time, or if the flip side
projects / thirdparty / tor.git / commitdiff
