fold in changes entries so far
This commit is contained in:
parent
0196647970
commit
53e11977e4
145
ChangeLog
145
ChangeLog
|
@ -1,3 +1,148 @@
|
|||
Changes in version 0.2.4.11-alpha - 2013-03-11
|
||||
Tor 0.2.4.11-alpha makes relay measurement by directory authorities
|
||||
more robust, makes hidden service authentication work again, and
|
||||
resolves a DPI fingerprint for Tor's SSL transport.
|
||||
|
||||
o Major features (directory authorities):
|
||||
- Directory authorities now support a new consensus method (17)
|
||||
where they cap the published bandwidth of servers for which
|
||||
insufficient bandwidth measurements exist. Fixes part of bug 2286.
|
||||
- Directory authorities that set "DisableV2DirectoryInfo_ 1" no longer
|
||||
serve any v2 directory information. Now we can test disabling the
|
||||
old deprecated v2 directory format, and see whether doing so has
|
||||
any effect on network load. Begins to fix bug 6783.
|
||||
- Directory authorities now include inside each vote a statement of
|
||||
the performance thresholds they used when assigning flags.
|
||||
Implements ticket 8151.
|
||||
|
||||
o Major bugfixes (directory authorities):
|
||||
- Stop marking every relay as having been down for one hour every
|
||||
time we restart a directory authority. These artificial downtimes
|
||||
were messing with our Stable and Guard flag calculations. Fixes
|
||||
bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha.
|
||||
|
||||
o Major bugfixes (hidden services):
|
||||
- Allow hidden service authentication to succeed again. When we
|
||||
refactored the hidden service introduction code back
|
||||
in 0.2.4.1-alpha, we didn't update the code that checks
|
||||
whether authentication information is present, causing all
|
||||
authentication checks to return "false". Fix for bug 8207; bugfix
|
||||
on 0.2.4.1-alpha. Found by Coverity; this is CID 718615.
|
||||
|
||||
o Minor features (relays, bridges):
|
||||
- Make bridge relays check once a minute for whether their IP
|
||||
address has changed, rather than only every 15 minutes. Resolves
|
||||
bugs 1913 and 1992.
|
||||
- Refactor resolve_my_address() so it returns the method by which we
|
||||
decided our public IP address (explicitly configured, resolved from
|
||||
explicit hostname, guessed from interfaces, learned by gethostname).
|
||||
Now we can provide more helpful log messages when a relay guesses
|
||||
its IP address incorrectly (e.g. due to unexpected lines in
|
||||
/etc/hosts). Resolves ticket 2267.
|
||||
- Teach bridge-using clients to avoid 0.2.2 bridges when making
|
||||
microdescriptor-related dir requests, and only fall back to normal
|
||||
descriptors if none of their bridges can handle microdescriptors
|
||||
(as opposed to the fix in ticket 4013, which caused them to fall
|
||||
back to normal descriptors if *any* of their bridges preferred
|
||||
them). Resolves ticket 4994.
|
||||
- Randomize the lifetime of our SSL link certificate, so censors can't
|
||||
use the static value for filtering Tor flows. Resolves ticket 8443;
|
||||
related to ticket 4014 which was included in 0.2.2.33.
|
||||
|
||||
o Minor features (portability):
|
||||
- Tweak the curve25519-donna*.c implementations to tolerate systems
|
||||
that lack stdint.h. Fixes bug 3894; bugfix on 0.2.4.8-alpha.
|
||||
- Use Ville Laurikari's implementation of AX_CHECK_SIGN() to determine
|
||||
the signs of types during autoconf. This is better than our old
|
||||
approach, which didn't work when cross-compiling.
|
||||
- Detect the sign of enum values, rather than assuming that MSC is the
|
||||
only compiler where enum types are all signed. Fixes bug 7727;
|
||||
bugfix on 0.2.4.10-alpha.
|
||||
|
||||
o Minor features (other):
|
||||
- Say "KBytes" rather than "KB" in the man page (for various values
|
||||
of K), to further reduce confusion about whether Tor counts in
|
||||
units of memory or fractions of units of memory. Resolves ticket 7054.
|
||||
- Clear the high bit on curve25519 public keys before passing them to
|
||||
our backend, in case we ever wind up using a backend that doesn't do
|
||||
so itself. If we used such a backend, and *didn't* clear the high bit,
|
||||
we could wind up in a situation where users with such backends would
|
||||
be distinguishable from users without. Fixes bug 8121; bugfix on
|
||||
0.2.4.8-alpha.
|
||||
- Update to the February 6 2013 Maxmind GeoLite Country database.
|
||||
|
||||
o Minor bugfixes (clients):
|
||||
- When we receive a RELAY_END cell with the reason DONE, or with no
|
||||
reason, before receiving a RELAY_CONNECTED cell, report the SOCKS
|
||||
status as "connection refused". Previously we reported these cases
|
||||
as success but then immediately closed the connection. Fixes bug
|
||||
7902; bugfix on 0.1.0.1-rc. Reported by "oftc_must_be_destroyed".
|
||||
- Downgrade an assertion in connection_ap_expire_beginning to an
|
||||
LD_BUG message. The fix for bug 8024 should prevent this message
|
||||
from displaying, but just in case, a warn that we can diagnose
|
||||
is better than more assert crashes. Fixes bug 8065; bugfix on
|
||||
0.2.4.8-alpha.
|
||||
- Lower path use bias thresholds to .80 for notice and .60 for warn.
|
||||
Also make the rate limiting flags for the path use bias log messages
|
||||
independent from the original path bias flags. Fixes bug 8161;
|
||||
bugfix on 0.2.4.10-alpha.
|
||||
|
||||
o Minor bugfixes (relays):
|
||||
- Stop trying to resolve our hostname so often (e.g. every time we
|
||||
think about doing a directory fetch). Now we reuse the cached
|
||||
answer in some cases. Fixes bugs 1992 (bugfix on 0.2.0.20-rc)
|
||||
and 2410 (bugfix on 0.1.2.2-alpha).
|
||||
- Stop sending a stray "(null)" in some cases for the server status
|
||||
"EXTERNAL_ADDRESS" controller event. Resolves bug 8200; bugfix
|
||||
on 0.1.2.6-alpha.
|
||||
- When choosing which stream on a formerly stalled circuit to wake
|
||||
first, make better use of the platform's weak RNG. Previously,
|
||||
we had been using the % ("modulo") operator to try to generate a
|
||||
1/N chance of picking each stream, but this behaves badly with
|
||||
many platforms' choice of weak RNG. Fixes bug 7801; bugfix on
|
||||
0.2.2.20-alpha.
|
||||
- Use our own weak RNG when we need a weak RNG. Windows's rand() and
|
||||
Irix's random() only return 15 bits; Solaris's random() returns more
|
||||
bits but its RAND_MAX says it only returns 15, and so on. Motivated
|
||||
by the fix for bug 7801; bugfix on 0.2.2.20-alpha.
|
||||
|
||||
o Minor bugfixes (directory authorities):
|
||||
- Directory authorities now use less space when formatting identical
|
||||
microdescriptor lines in directory votes. Fixes bug 8158; bugfix
|
||||
on 0.2.4.1-alpha.
|
||||
|
||||
o Minor bugfixes (memory leaks spotted by Coverity -- bug 7816):
|
||||
- Avoid leaking memory if we fail to compute a consensus signature
|
||||
or we generate a consensus we can't parse. Bugfix on 0.2.0.5-alpha.
|
||||
- Fix a memory leak when receiving headers from an HTTPS proxy. Bugfix
|
||||
on 0.2.1.1-alpha.
|
||||
- Fix a memory leak during safe-cookie controller authentication.
|
||||
Bugfix on 0.2.3.13-alpha.
|
||||
- Avoid memory leak of IPv6 policy content if we fail to format it into
|
||||
a router descriptor. Bugfix on 0.2.4.7-alpha.
|
||||
|
||||
o Minor bugfixes (other code correctness issues):
|
||||
- Avoid a crash if we fail to generate an extrainfo descriptor.
|
||||
Fixes bug 8208; bugfix on 0.2.3.16-alpha. Found by Coverity;
|
||||
this is CID 718634.
|
||||
- When detecting the largest possible file descriptor (in order to
|
||||
close all file descriptors when launching a new program), actually
|
||||
use _SC_OPEN_MAX. The old code for doing this was very, very broken.
|
||||
Fixes bug 8209; bugfix on 0.2.3.1-alpha. Found by Coverity; this
|
||||
is CID 743383.
|
||||
- Fix a copy-and-paste error when adding a missing A1 to a routerset
|
||||
because of GeoIPExcludeUnknown. Fix for Coverity CID 980650.
|
||||
Bugfix on 0.2.4.10-alpha.
|
||||
- Fix an impossible-to-trigger integer overflow when estimating how
|
||||
long our onionskin queue would take. (This overflow would require us
|
||||
to accept 4 million onionskins before processing 100 of them.) Fixes
|
||||
bug 8210; bugfix on 0.2.4.10-alpha.
|
||||
|
||||
o Code simplification and refactoring:
|
||||
- Add a wrapper function for the common "log a message with a
|
||||
rate-limit" case.
|
||||
|
||||
|
||||
Changes in version 0.2.4.10-alpha - 2013-02-04
|
||||
Tor 0.2.4.10-alpha adds defenses at the directory authority level from
|
||||
certain attacks that flood the network with relays; changes the queue
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
o Major features (deprecation):
|
||||
- There's now a "DisableV2DirectoryInfo_" option that prevents us
|
||||
from serving any directory requests for v2 directory information.
|
||||
This is for us to test disabling the old deprecated V2 directory
|
||||
format, so that we can see whether doing so has any effect on
|
||||
network load. Part of a fix for bug 6783.
|
|
@ -1,11 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Stop trying to resolve our hostname so often (e.g. every time we
|
||||
think about doing a directory fetch). Now we reuse the cached
|
||||
answer in some cases. Fixes bugs 1992 (bugfix on 0.2.0.20-rc)
|
||||
and 2410 (bugfix on 0.1.2.2-alpha).
|
||||
|
||||
o Minor features:
|
||||
- Make bridge relays check once a minute for whether their IP
|
||||
address has changed, rather than only every 15 minutes. Resolves
|
||||
bugs 1913 and 1992.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Major features (directory authority):
|
||||
- Directory authorities now support a new consensus method (17)
|
||||
where they cap the published bandwidth of servers for which
|
||||
insufficient bandwidth measurements exist. Fixes part of bug
|
||||
2286.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (man page):
|
||||
- Say "KBytes" rather than "KB" in the man page (for various values
|
||||
of K), to further reduce confusion about whether Tor counts in
|
||||
units of memory or fractions of units of memory. Fixes bug 7054.
|
|
@ -1,13 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- When choosing which stream on a formerly stalled circuit to wake
|
||||
first, make better use of the platform's weak RNG. Previously, we
|
||||
had been using the % ("modulo") operator to try to generate a 1/N
|
||||
chance of picking each stream, but this behaves badly with many
|
||||
platforms' choice of weak RNG. Fix for bug 7801; bugfix on
|
||||
0.2.2.20-alpha.
|
||||
- Use our own weak RNG when we need a weak RNG. Windows's rand()
|
||||
and Irix's random() only return 15 bits; Solaris's random()
|
||||
returns more bits but its RAND_MAX says it only returns 15, and
|
||||
so on. Fixes another aspect of bug 7801; bugfix on
|
||||
0.2.2.20-alpha.
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Avoid leaking IPv6 policy content if we fail to format it into
|
||||
a router descriptor. Spotted by Coverity. Fixes part of 7816;
|
||||
bugfix on 0.2.4.7-alpha.
|
||||
|
||||
- Avoid leaking memory if we fail to compute a consensus signature
|
||||
or we generated a consensus we couldn't parse. Spotted by Coverity.
|
||||
Fixes part of 7816; bugfix on 0.2.0.5-alpha.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes (memory leak, controller):
|
||||
- Fix a memory leak during safe-cookie controller authentication.
|
||||
Spotted by Coverity. Fixes part of bug 7816; bugfix on 0.2.3.13-alpha.
|
||||
|
||||
o Minor bugfixes (memory leak, HTTPS proxy support):
|
||||
- Fix a memory leak when receiving headers from an HTTPS proxy.
|
||||
Spotted by Coverity. Fixes part of bug 7816; bugfix on 0.2.1.1-alpha.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Fix various places where we leak file descriptors or memory on
|
||||
error cases. Spotted by coverity. Fixes parts of bug 7816.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- When we receive a RELAY_END cell with the reason DONE, or with no
|
||||
reason, before receiving a RELAY_CONNECTED cell, report the SOCKS
|
||||
status as "connection refused." Previously we reporting these
|
||||
cases as success but then immediately closing the connection.
|
||||
Fixes bug 7902; bugfix on 0.1.0.1-rc. Reported by "oftc_must_
|
||||
be_destroyed."
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Downgrade an assertion in connection_ap_expire_beginning to
|
||||
an LD_BUG message. The fix for bug 8024 should prevent this
|
||||
message from displaying, but just in case a warn that we can
|
||||
diagnose is better than more assert crashes. Fix for bug 8065;
|
||||
bugfix on 0.2.4.8-alpha.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor features:
|
||||
- Clear the high bit on curve25519 public keys before passing them to
|
||||
our backend, in case we ever wind up using a backend that doesn't do
|
||||
so itself. If we used such a backend, and *didn't* clear the high bit,
|
||||
we could wind up in a situation where users with such backends would
|
||||
be distinguishable from users without. Fix for bug 8121; bugfix on
|
||||
0.2.4.8-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor features (directory authority):
|
||||
- Include inside each vote a statement of the performance
|
||||
thresholds that made the authority vote for its flags. Implements
|
||||
ticket 8151.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Use less space when formatting identical microdescriptor lines in
|
||||
directory votes. Fixes bug 8158; bugfix on 0.2.4.1-alpha.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor changes:
|
||||
- Lower path use bias thresholds to .80 for notice and .60 for warn.
|
||||
Fixes bug #8161; bugfix on 0.2.4.10-alpa.
|
||||
- Make the rate limiting flags for the path use bias log messages
|
||||
independent from the original path bias flags. Fixes bug #8161;
|
||||
bugfix on 0.2.4.10-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfix:
|
||||
- Stop sending a stray "(null)" in some cases for the server status
|
||||
"EXTERNAL_ADDRESS" controller event. Resolves bug 8200; bugfix
|
||||
on 0.1.2.6-alpha.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
o Major bugfixes (hidden services):
|
||||
- Allow hidden service authentication to succeed again. When we
|
||||
refactored the hidden service introduction code back in 0.2.4.1-alpha,
|
||||
we didn't update the code that checks whether authentication
|
||||
information is present, causing all authentication checks to
|
||||
return "false". Fix for bug 8207; bugfix on 0.2.4.1-alpha. Found by
|
||||
Coverity; this is CID 718615.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Avoid a crash if we fail to generate an extrinfo descriptor.
|
||||
Fixes bug 8208; bugfix on 0.2.3.16-alpha. Found by Coverity;
|
||||
this is CID 718634.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- When detecting the largest possible file descriptor (in order to close
|
||||
all file descriptors when launching a new program), actually use
|
||||
_SC_OPEN_MAX. The old code for doing this was very, very broken.
|
||||
Fix for bug 8209; bugfix on 0.2.3.1-alpha. Found by Coverity; this
|
||||
is CID 743383.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Fix an impossible-to-trigger integer overflow when
|
||||
estimating how long out onionskin queue would take. (This overflow
|
||||
would require us to accept 4 million onionskins before processing
|
||||
100 of them.) Fixes bug 8210; bugfix on 0.2.4.10-alpha.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Stop marking every relay as having been down for one hour every
|
||||
time we restart a directory authority. These artificial downtimes
|
||||
were messing with our Stable and Guard flag calculations. Fixes
|
||||
bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Fix a copy-and-paste error when adding a missing A1 to a routerset
|
||||
because of GeoIPExcludeUnknown. Fix for coverity CID 980650.
|
||||
Bugfix on 0.2.4.10-alpha.
|
|
@ -1,3 +0,0 @@
|
|||
o Code simplification and refactoring:
|
||||
- Add a wrapper function for the common "log a message with a rate-limit"
|
||||
case.
|
|
@ -1,7 +0,0 @@
|
|||
o Minor features:
|
||||
- Teach bridge-using clients to avoid 0.2.2 bridges when making
|
||||
microdescriptor-related dir requests, and only fall back to normal
|
||||
descriptors if none of their bridges can handle microdescriptors
|
||||
(as opposed to the fix in ticket 4013, which caused them to fall
|
||||
back to normal descriptors if *any* of their bridges preferred
|
||||
them). Resolves ticket 4994.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor features:
|
||||
- Update to the February 6 2013 Maxmind GeoLite Country database.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (portability)
|
||||
- Tweak the curve25519-donna*.c implementations to tolerate systems
|
||||
that lack stdint.h. Fixes bug 3894; bugfix on 0.2.4.8-alpha.
|
|
@ -1,7 +0,0 @@
|
|||
o Code simplifications and refactoring:
|
||||
- Use Ville Laurikari's implementation of AX_CHECK_SIGN() to determine
|
||||
the signs of types during autoconf. This is better than our old
|
||||
approach, which didn't work when cross-compiling.
|
||||
- Detect the sign of enum values, rather than assuming that MSC is the
|
||||
only compiler where enum types are all signed. Fix for bug 7727;
|
||||
bugfix on 0.2.4.10-alpha.
|
|
@ -1,8 +0,0 @@
|
|||
o Minor features:
|
||||
- Refactor resolve_my_address() so it returns the method by which we
|
||||
decided our public IP address (explicitly configured, resolved from
|
||||
explicit hostname, guessed from interfaces, learned by gethostname).
|
||||
Now we can provide more helpful log messages when a relay guesses
|
||||
its IP address incorrectly (e.g. due to unexpected lines in
|
||||
/etc/hosts). Resolves ticket 2267.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Randomize the lifetime of our SSL link certificate, so censors can't
|
||||
use the static value for filtering Tor flows. Resolves ticket 8443;
|
||||
related to ticket 4014 which was included in 0.2.2.33.
|
Loading…
Reference in New Issue