|
@@ -1,3 +1,189 @@
|
|
|
+Changes in version 0.2.2.25-alpha - 2011-04-29
|
|
|
+ Tor 0.2.2.25-alpha fixes many bugs: hidden service clients are more
|
|
|
+ robust, routers no longer overreport their bandwidth, Win7 should crash
|
|
|
+ a little less, and NEWNYM (as used by Vidalia's "new identity" button)
|
|
|
+ now prevents hidden service-related activity from being linkable. It
|
|
|
+ provides more information to Vidalia so you can see if your bridge is
|
|
|
+ working. Also, 0.2.2.25-alpha revamps the Entry/Exit/ExcludeNodes and
|
|
|
+ StrictNodes configuration options to make them more reliable, more
|
|
|
+ understandable, and more regularly applied. If you use those options,
|
|
|
+ please see the revised documentation for them in the manual page.
|
|
|
+
|
|
|
+ o Major bugfixes:
|
|
|
+ - Relays were publishing grossly inflated bandwidth values because
|
|
|
+ they were writing their state files wrong--now they write the
|
|
|
+ correct value. Also, resume reading bandwidth history from the
|
|
|
+ state file correctly. Fixes bug 2704; bugfix on 0.2.2.23-alpha.
|
|
|
+ - Improve hidden service robustness: When we find that we have
|
|
|
+ extended a hidden service's introduction circuit to a relay not
|
|
|
+ listed as an introduction point in the HS descriptor we currently
|
|
|
+ have, retry with an introduction point from the current
|
|
|
+ descriptor. Previously we would just give up. Fixes bugs 1024 and
|
|
|
+ 1930; bugfix on 0.2.0.10-alpha.
|
|
|
+ - Clients now stop trying to use an exit node associated with a given
|
|
|
+ destination by TrackHostExits if they fail to reach that exit node.
|
|
|
+ Fixes bug 2999. Bugfix on 0.2.0.20-rc.
|
|
|
+ - Fix crash bug on platforms where gmtime and localtime can return
|
|
|
+ NULL. Windows 7 users were running into this one. Fixes part of bug
|
|
|
+ 2077. Bugfix on all versions of Tor. Found by boboper.
|
|
|
+
|
|
|
+ o Security and stability fixes:
|
|
|
+ - Don't double-free a parsable, but invalid, microdescriptor, even if
|
|
|
+ it is followed in the blob we're parsing by an unparsable
|
|
|
+ microdescriptor. Fixes an issue reported in a comment on bug 2954.
|
|
|
+ Bugfix on 0.2.2.6-alpha; fix by "cypherpunks".
|
|
|
+ - If the Nickname configuration option isn't given, Tor would pick a
|
|
|
+ nickname based on the local hostname as the nickname for a relay.
|
|
|
+ Because nicknames are not very important in today's Tor and the
|
|
|
+ "Unnamed" nickname has been implemented, this is now problematic
|
|
|
+ behavior: It leaks information about the hostname without being
|
|
|
+ useful at all. Fixes bug 2979; bugfix on 0.1.2.2-alpha, which
|
|
|
+ introduced the Unnamed nickname. Reported by tagnaq.
|
|
|
+ - Fix an uncommon assertion failure when running with DNSPort under
|
|
|
+ heavy load. Fixes bug 2933; bugfix on 0.2.0.1-alpha.
|
|
|
+ - Avoid linkability based on cached hidden service descriptors: forget
|
|
|
+ all hidden service descriptors cached as a client when processing a
|
|
|
+ SIGNAL NEWNYM command. Fixes bug 3000; bugfix on 0.0.6.
|
|
|
+
|
|
|
+ o Major features:
|
|
|
+ - Export GeoIP information on bridge usage to controllers even if we
|
|
|
+ have not yet been running for 24 hours. Now Vidalia bridge operators
|
|
|
+ can get more accurate and immediate feedback about their
|
|
|
+ contributions to the network.
|
|
|
+
|
|
|
+ o Major features and bugfixes (node selection):
|
|
|
+ - Revise and reconcile the meaning of the ExitNodes, EntryNodes,
|
|
|
+ ExcludeEntryNodes, ExcludeExitNodes, ExcludeNodes, and StrictNodes
|
|
|
+ options. Previously, we had been ambiguous in describing what
|
|
|
+ counted as an "exit" node, and what operations exactly "StrictNodes
|
|
|
+ 0" would permit. This created confusion when people saw nodes built
|
|
|
+ through unexpected circuits, and made it hard to tell real bugs from
|
|
|
+ surprises. Now the intended behavior is:
|
|
|
+ . "Exit", in the context of ExitNodes and ExcludeExitNodes, means
|
|
|
+ a node that delivers user traffic outside the Tor network.
|
|
|
+ . "Entry", in the context of EntryNodes, means a node used as the
|
|
|
+ first hop of a multihop circuit. It doesn't include direct
|
|
|
+ connections to directory servers.
|
|
|
+ . "ExcludeNodes" applies to all nodes.
|
|
|
+ . "StrictNodes" changes the behavior of ExcludeNodes only. When
|
|
|
+ StrictNodes is set, Tor should avoid all nodes listed in
|
|
|
+ ExcludeNodes, even when it will make user requests fail. When
|
|
|
+ StrictNodes is *not* set, then Tor should follow ExcludeNodes
|
|
|
+ whenever it can, except when it must use an excluded node to
|
|
|
+ perform self-tests, connect to a hidden service, provide a
|
|
|
+ hidden service, fulfill a .exit request, upload directory
|
|
|
+ information, or fetch directory information.
|
|
|
+ Collectively, the changes to implement the behavior fix bug 1090.
|
|
|
+ - ExcludeNodes now takes precedence over EntryNodes and ExitNodes: if
|
|
|
+ a node is listed in both, it's treated as excluded.
|
|
|
+ - ExcludeNodes now applies to directory nodes -- as a preference if
|
|
|
+ StrictNodes is 0, or an absolute requirement if StrictNodes is 1.
|
|
|
+ Don't exclude all the directory authorities and set StrictNodes to 1
|
|
|
+ unless you really want your Tor to break.
|
|
|
+ - ExcludeNodes and ExcludeExitNodes now override exit enclaving.
|
|
|
+ - ExcludeExitNodes now overrides .exit requests.
|
|
|
+ - We don't use bridges listed in ExcludeNodes.
|
|
|
+ - When StrictNodes is 1:
|
|
|
+ . We now apply ExcludeNodes to hidden service introduction points
|
|
|
+ and to rendezvous points selected by hidden service users. This
|
|
|
+ can make your hidden service less reliable: use it with caution!
|
|
|
+ . If we have used ExcludeNodes on ourself, do not try relay
|
|
|
+ reachability self-tests.
|
|
|
+ . If we have excluded all the directory authorities, we will not
|
|
|
+ even try to upload our descriptor if we're a relay.
|
|
|
+ . Do not honor .exit requests to an excluded node.
|
|
|
+ - Remove a misfeature that caused us to ignore the Fast/Stable flags
|
|
|
+ when ExitNodes is set. Bugfix on 0.2.2.7-alpha.
|
|
|
+ - When the set of permitted nodes changes, we now remove any mappings
|
|
|
+ introduced via TrackExitHosts to now-excluded nodes. Bugfix on
|
|
|
+ 0.1.0.1-rc.
|
|
|
+ - We never cannibalize a circuit that had excluded nodes on it, even
|
|
|
+ if StrictNodes is 0. Bugfix on 0.1.0.1-rc.
|
|
|
+ - Revert a change where we would be laxer about attaching streams to
|
|
|
+ circuits than when building the circuits. This was meant to prevent
|
|
|
+ a set of bugs where streams were never attachable, but our improved
|
|
|
+ code here should make this unnecessary. Bugfix on 0.2.2.7-alpha.
|
|
|
+ - Keep track of how many times we launch a new circuit to handle a
|
|
|
+ given stream. Too many launches could indicate an inconsistency
|
|
|
+ between our "launch a circuit to handle this stream" logic and our
|
|
|
+ "attach this stream to one of the available circuits" logic.
|
|
|
+ - Improve log messages related to excluded nodes.
|
|
|
+
|
|
|
+ o Minor bugfixes:
|
|
|
+ - Fix a spurious warning when moving from a short month to a long
|
|
|
+ month on relays with month-based BandwidthAccounting. Bugfix on
|
|
|
+ 0.2.2.17-alpha; fixes bug 3020.
|
|
|
+ - When a client finds that an origin circuit has run out of 16-bit
|
|
|
+ stream IDs, we now mark it as unusable for new streams. Previously,
|
|
|
+ we would try to close the entire circuit. Bugfix on 0.0.6.
|
|
|
+ - Add a forgotten cast that caused a compile warning on OS X 10.6.
|
|
|
+ Bugfix on 0.2.2.24-alpha.
|
|
|
+ - Be more careful about reporting the correct error from a failed
|
|
|
+ connect() system call. Under some circumstances, it was possible to
|
|
|
+ look at an incorrect value for errno when sending the end reason.
|
|
|
+ Bugfix on 0.1.0.1-rc.
|
|
|
+ - Correctly handle an "impossible" overflow cases in connection byte
|
|
|
+ counting, where we write or read more than 4GB on an edge connection
|
|
|
+ in a single second. Bugfix on 0.1.2.8-beta.
|
|
|
+ - Correct the warning displayed when a rendezvous descriptor exceeds
|
|
|
+ the maximum size. Fixes bug 2750; bugfix on 0.2.1.5-alpha. Found by
|
|
|
+ John Brooks.
|
|
|
+ - Clients and hidden services now use HSDir-flagged relays for hidden
|
|
|
+ service descriptor downloads and uploads even if the relays have no
|
|
|
+ DirPort set and the client has disabled TunnelDirConns. This will
|
|
|
+ eventually allow us to give the HSDir flag to relays with no
|
|
|
+ DirPort. Fixes bug 2722; bugfix on 0.2.1.6-alpha.
|
|
|
+ - Downgrade "no current certificates known for authority" message from
|
|
|
+ Notice to Info. Fixes bug 2899; bugfix on 0.2.0.10-alpha.
|
|
|
+ - Make the SIGNAL DUMP control-port command work on FreeBSD. Fixes bug
|
|
|
+ 2917. Bugfix on 0.1.1.1-alpha.
|
|
|
+ - Only limit the lengths of single HS descriptors, even when multiple
|
|
|
+ HS descriptors are published to an HSDir relay in a single POST
|
|
|
+ operation. Fixes bug 2948; bugfix on 0.2.1.5-alpha. Found by hsdir.
|
|
|
+ - Write the current time into the LastWritten line in our state file,
|
|
|
+ rather than the time from the previous write attempt. Also, stop
|
|
|
+ trying to use a time of -1 in our log statements. Fixes bug 3039;
|
|
|
+ bugfix on 0.2.2.14-alpha.
|
|
|
+ - Be more consistent in our treatment of file system paths. "~" should
|
|
|
+ get expanded to the user's home directory in the Log config option.
|
|
|
+ Fixes bug 2971; bugfix on 0.2.0.1-alpha, which introduced the
|
|
|
+ feature for the -f and --DataDirectory options.
|
|
|
+
|
|
|
+ o Minor features:
|
|
|
+ - Make sure every relay writes a state file at least every 12 hours.
|
|
|
+ Previously, a relay could go for weeks without writing its state
|
|
|
+ file, and on a crash could lose its bandwidth history, capacity
|
|
|
+ estimates, client country statistics, and so on. Addresses bug 3012.
|
|
|
+ - Send END_STREAM_REASON_NOROUTE in response to EHOSTUNREACH errors.
|
|
|
+ Clients before 0.2.1.27 didn't handle NOROUTE correctly, but such
|
|
|
+ clients are already deprecated because of security bugs.
|
|
|
+ - Don't allow v0 hidden service authorities to act as clients.
|
|
|
+ Required by fix for bug 3000.
|
|
|
+ - Ignore SIGNAL NEWNYM commands on relay-only Tor instances. Required
|
|
|
+ by fix for bug 3000.
|
|
|
+ - Ensure that no empty [dirreq-](read|write)-history lines are added
|
|
|
+ to an extrainfo document. Implements ticket 2497.
|
|
|
+
|
|
|
+ o Code simplification and refactoring:
|
|
|
+ - Remove workaround code to handle directory responses from servers
|
|
|
+ that had bug 539 (they would send HTTP status 503 responses _and_
|
|
|
+ send a body too). Since only server versions before
|
|
|
+ 0.2.0.16-alpha/0.1.2.19 were affected, there is no longer reason to
|
|
|
+ keep the workaround in place.
|
|
|
+ - Remove the old 'fuzzy time' logic. It was supposed to be used for
|
|
|
+ handling calculations where we have a known amount of clock skew and
|
|
|
+ an allowed amount of unknown skew. But we only used it in three
|
|
|
+ places, and we never adjusted the known/unknown skew values. This is
|
|
|
+ still something we might want to do someday, but if we do, we'll
|
|
|
+ want to do it differently.
|
|
|
+ - Avoid signed/unsigned comparisons by making SIZE_T_CEILING unsigned.
|
|
|
+ None of the cases where we did this before were wrong, but by making
|
|
|
+ this change we avoid warnings. Fixes bug 2475; bugfix on 0.2.1.28.
|
|
|
+ - Use GetTempDir to find the proper temporary directory location on
|
|
|
+ Windows when generating temporary files for the unit tests. Patch by
|
|
|
+ Gisle Vanem.
|
|
|
+
|
|
|
+
|
|
|
Changes in version 0.2.2.24-alpha - 2011-04-08
|
|
|
Tor 0.2.2.24-alpha fixes a variety of bugs, including a big bug that
|
|
|
prevented Tor clients from effectively using "multihomed" bridges,
|