- Changes in version 0.2.2.8-alpha - 2010-01-26
- o Major bugfixes:
- - Fix a memory corruption bug on bridges that occured during the
- inclusion of stats data in extra-info descriptors. Also fix the
- interface for geoip_get_bridge_stats* to prevent similar bugs in
- the future. Diagnosis by Tas, patch by Karsten and Sebastian.
- Fixes bug 1208; bugfix on 0.2.2.7-alpha.
+Changes in version 0.2.2.9-alpha - 2010-02-22
+ o Directory authority changes:
+ - Change IP address for dannenberg (v3 directory authority), and
+ remove moria2 (obsolete v1, v2 directory authority and v0 hidden
+ service directory authority) from the list.
+
+ o Major bugfixes:
+ - Make Tor work again on the latest OS X: when deciding whether to
+ use strange flags to turn TLS renegotiation on, detect the OpenSSL
+ version at run-time, not compile time. We need to do this because
+ Apple doesn't update its dev-tools headers when it updates its
+ libraries in a security patch.
+ - Fix a potential buffer overflow in lookup_last_hid_serv_request()
+ that could happen on 32-bit platforms with 64-bit time_t. Also fix
+ a memory leak when requesting a hidden service descriptor we've
+ requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found
+ by aakova.
+ - Authorities could be tricked into giving out the Exit flag to relays
+ that didn't allow exiting to any ports. This bug could screw
+ with load balancing and stats. Bugfix on 0.1.1.6-alpha; fixes bug
+ 1238. Bug discovered by Martin Kowalczyk.
+
+ o Minor bugfixes:
+ - Fix static compilation by listing the openssl libraries in the right
+ order. Bugfix on Tor 0.2.2.8-alpha; fixes bug 1237.
+ - Resume handling .exit hostnames in a special way: originally we
+ stripped the .exit part and used the requested exit relay. In
+ 0.2.2.1-alpha we stopped treating them in any special way, meaning
+ if you use a .exit address then Tor will pass it on to the exit
+ relay. Now we reject the .exit stream outright, since that behavior
+ might be more expected by the user. Found and diagnosed by Scott
+ Bennett and Downie on or-talk.
+ - Don't spam the controller with events when we have no file
+ descriptors available. Bugfix on 0.2.1.5-alpha. (Rate-limiting
+ for log messages was already solved from bug 748.)
+ - Avoid a bogus overlapped memcpy in tor_addr_copy(). Reported by
+ "memcpyfail".
+ - Make the DNSPort option work with libevent 2.x. Don't alter the
+ behaviour for libevent 1.x. Fixes bug 1143. Found by SwissTorExit.
+ - Emit a GUARD DROPPED controller event for a case we missed.
+ - Make more fields in the controller protocol case-insensitive, since
+ control-spec.txt said they were.
+ - Refactor resolve_my_address() to not use gethostbyname() anymore.
+ Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik.
+
+ o Code simplifications and refactoring:
+ - Generate our manpage and HTML documentation using Asciidoc. This
+ change should make it easier to maintain the documentation, and
+ produce nicer HTML.
+ - Remove the --enable-iphone option. According to reports from Marco
+ Bonetti, Tor builds fine without any special tweaking on recent
+ iPhone SDK versions.
+ - Removed some unnecessary files from the source distribution. The
+ AUTHORS file has now been merged into the people page on the
+ website. The roadmaps and design doc can now be found in the
+ projects directory in svn.
+ - Enabled various circuit build timeout constants to be controlled
+ by consensus parameters. Also set better defaults for these
+ parameters based on experimentation on broadband and simulated
+ high latency links.
+
+ o Minor features:
+ - The 'EXTENDCIRCUIT' control port command can now be used with
+ a circ id of 0 and no path. This feature will cause Tor to build
+ a new 'fast' general purpose circuit using its own path selection
+ algorithms.
+ - Added a BUILDTIMEOUT_SET controller event to describe changes
+ to the circuit build timeout.
+ - Future-proof the controller protocol a bit by ignoring keyword
+ arguments we do not recognize.
+
+
+ Changes in version 0.2.1.24 - 2010-02-21
+ Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time
+ for sure!
- o Minor bugfixes:
- - Ignore OutboundBindAddress when connecting to localhost.
- Connections to localhost need to come _from_ localhost, or else
- local servers (like DNS and outgoing HTTP/SOCKS proxies) will often
- refuse to listen.
-
-
- Changes in version 0.2.1.24 - 2010-??-??
o Minor bugfixes:
- Work correctly out-of-the-box with even more vendor-patched versions
- of OpenSSL.
+ of OpenSSL. In particular, make it so Debian and OS X don't need
+ customized patches to run/build.
Changes in version 0.2.1.23 - 2010-02-13
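Review bot: The new 0.2.2.9-alpha section goes straight from the version header into "o Directory authority changes:" with no summary paragraph, even though its Major bugfixes include a potential buffer overflow in lookup_last_hid_serv_request() (bug 1242) and an authority bug that handed out the Exit flag to relays that allow no exiting (bug 1238). The 0.2.1.24 section in this same hunk gets a summary line, so I would add two or three lines under the 0.2.2.9-alpha header naming the overflow fix and the OS X run-time OpenSSL detection, so operators can tell at a glance why to upgrade. Separately, the .exit entry opens with "Resume handling .exit hostnames in a special way" but the behaviour it then describes is "Now we reject the .exit stream outright", which is not the original strip-and-use-the-exit behaviour being resumed. Reword the first clause to say the streams are rejected, and add the "Bugfix on 0.2.2.1-alpha" tag that the neighbouring entries carry, since the text already names that version as where the handling changed.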
over the behavior introduced in 0.1.2.17.
++Changes in version 0.2.2.8-alpha - 2010-01-26
++ o Major bugfixes:
++ - Fix a memory corruption bug on bridges that occured during the
++ inclusion of stats data in extra-info descriptors. Also fix the
++ interface for geoip_get_bridge_stats* to prevent similar bugs in
++ the future. Diagnosis by Tas, patch by Karsten and Sebastian.
++ Fixes bug 1208; bugfix on 0.2.2.7-alpha.
++
++ o Minor bugfixes:
++ - Ignore OutboundBindAddress when connecting to localhost.
++ Connections to localhost need to come _from_ localhost, or else
++ local servers (like DNS and outgoing HTTP/SOCKS proxies) will often
++ refuse to listen.
++
++
+Changes in version 0.2.2.7-alpha - 2010-01-19
+ Tor 0.2.2.7-alpha fixes a huge client-side performance bug, as well
+ as laying the groundwork for further relay-side performance fixes. It
+ also starts cleaning up client behavior with respect to the EntryNodes,
+ ExitNodes, and StrictNodes config options.
+
+ This release also rotates two directory authority keys, due to a
+ security breach of some of the Torproject servers.
+
+ o Directory authority changes:
+ - Rotate keys (both v3 identity and relay identity) for moria1
+ and gabelmoo.
+
+ o Major features (performance):
+ - We were selecting our guards uniformly at random, and then weighting
+ which of our guards we'd use uniformly at random. This imbalance
+ meant that Tor clients were severely limited on throughput (and
+ probably latency too) by the first hop in their circuit. Now we
+ select guards weighted by currently advertised bandwidth. We also
+ automatically discard guards picked using the old algorithm. Fixes
+ bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry.
+ - When choosing which cells to relay first, relays can now favor
+ circuits that have been quiet recently, to provide lower latency
+ for low-volume circuits. By default, relays enable or disable this
+ feature based on a setting in the consensus. You can override
+ this default by using the new "CircuitPriorityHalflife" config
+ option. Design and code by Ian Goldberg, Can Tang, and Chris
+ Alexander.
+ - Add separate per-conn write limiting to go with the per-conn read
+ limiting. We added a global write limit in Tor 0.1.2.5-alpha,
+ but never per-conn write limits.
+ - New consensus params "bwconnrate" and "bwconnburst" to let us
+ rate-limit client connections as they enter the network. It's
+ controlled in the consensus so we can turn it on and off for
+ experiments. It's starting out off. Based on proposal 163.
+
+ o Major features (relay selection options):
+ - Switch to a StrictNodes config option, rather than the previous
+ "StrictEntryNodes" / "StrictExitNodes" separation that was missing a
+ "StrictExcludeNodes" option.
+ - If EntryNodes, ExitNodes, ExcludeNodes, or ExcludeExitNodes
+ change during a config reload, mark and discard all our origin
+ circuits. This fix should address edge cases where we change the
+ config options and but then choose a circuit that we created before
+ the change.
+ - If EntryNodes or ExitNodes are set, be more willing to use an
+ unsuitable (e.g. slow or unstable) circuit. The user asked for it,
+ they get it.
+ - Make EntryNodes config option much more aggressive even when
+ StrictNodes is not set. Before it would prepend your requested
+ entrynodes to your list of guard nodes, but feel free to use others
+ after that. Now it chooses only from your EntryNodes if any of
+ those are available, and only falls back to others if a) they're
+ all down and b) StrictNodes is not set.
+ - Now we refresh your entry guards from EntryNodes at each consensus
+ fetch -- rather than just at startup and then they slowly rot as
+ the network changes.
+
+ o Major bugfixes:
+ - Stop bridge directory authorities from answering dbg-stability.txt
+ directory queries, which would let people fetch a list of all
+ bridge identities they track. Bugfix on 0.2.1.6-alpha.
+
+ o Minor features:
+ - Log a notice when we get a new control connection. Now it's easier
+ for security-conscious users to recognize when a local application
+ is knocking on their controller door. Suggested by bug 1196.
+ - New config option "CircuitStreamTimeout" to override our internal
+ timeout schedule for how many seconds until we detach a stream from
+ a circuit and try a new circuit. If your network is particularly
+ slow, you might want to set this to a number like 60.
+ - New controller command "getinfo config-text". It returns the
+ contents that Tor would write if you send it a SAVECONF command,
+ so the controller can write the file to disk itself.
+ - New options for SafeLogging to allow scrubbing only log messages
+ generated while acting as a relay.
+ - Ship the bridges spec file in the tarball too.
+ - Avoid a mad rush at the beginning of each month when each client
+ rotates half of its guards. Instead we spread the rotation out
+ throughout the month, but we still avoid leaving a precise timestamp
+ in the state file about when we first picked the guard. Improves
+ over the behavior introduced in 0.1.2.17.
+
+ o Minor bugfixes (compiling):
+ - Fix compilation on OS X 10.3, which has a stub mlockall() but
+ hides it. Bugfix on 0.2.2.6-alpha.
+ - Fix compilation on Solaris by removing support for the
+ DisableAllSwap config option. Solaris doesn't have an rlimit for
+ mlockall, so we cannot use it safely. Fixes bug 1198; bugfix on
+ 0.2.2.6-alpha.
+
+ o Minor bugfixes (crashes):
+ - Do not segfault when writing buffer stats when we haven't observed
+ a single circuit to report about. Found by Fabian Lanze. Bugfix on
+ 0.2.2.1-alpha.
+ - If we're in the pathological case where there's no exit bandwidth
+ but there is non-exit bandwidth, or no guard bandwidth but there
+ is non-guard bandwidth, don't crash during path selection. Bugfix
+ on 0.2.0.3-alpha.
+ - Fix an impossible-to-actually-trigger buffer overflow in relay
+ descriptor generation. Bugfix on 0.1.0.15.
+
+ o Minor bugfixes (privacy):
+ - Fix an instance where a Tor directory mirror might accidentally
+ log the IP address of a misbehaving Tor client. Bugfix on
+ 0.1.0.1-rc.
+ - Don't list Windows capabilities in relay descriptors. We never made
+ use of them, and maybe it's a bad idea to publish them. Bugfix
+ on 0.1.1.8-alpha.
+
+ o Minor bugfixes (other):
+ - Resolve an edge case in path weighting that could make us misweight
+ our relay selection. Fixes bug 1203; bugfix on 0.0.8rc1.
+ - Fix statistics on client numbers by country as seen by bridges that
+ were broken in 0.2.2.1-alpha. Also switch to reporting full 24-hour
+ intervals instead of variable 12-to-48-hour intervals.
+ - After we free an internal connection structure, overwrite it
+ with a different memory value than we use for overwriting a freed
+ internal circuit structure. Should help with debugging. Suggested
+ by bug 1055.
+ - Update our OpenSSL 0.9.8l fix so that it works with OpenSSL 0.9.8m
+ too.
+
+ o Removed features:
+ - Remove the HSAuthorityRecordStats option that version 0 hidden
+ service authorities could have used to track statistics of overall
+ hidden service usage.
+
+
Changes in version 0.2.1.22 - 2010-01-19
Tor 0.2.1.22 fixes a critical privacy problem in bridge directory
authorities -- it would tell you its whole history of bridge descriptors
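Review bot: The 0.2.2.7-alpha summary paragraphs mention the client performance bug, the node config options and the key rotation, but not the entry under "o Major bugfixes" that stops bridge directory authorities from answering dbg-stability.txt queries, which "would let people fetch a list of all bridge identities they track". The 0.2.1.22 section in the trailing context leads its summary with a bridge directory authority privacy problem, so the alpha summary should call this fix out as well, otherwise bridge authority operators reading only the summary will miss it. Two wording nits while this text is being touched: "occured" in the re-added 0.2.2.8-alpha block should be "occurred", and "where we change the config options and but then choose a circuit" has a stray "and".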