fold in changes entries so far
This commit is contained in:
parent
0196647970
commit
53e11977e4
145
ChangeLog
145
ChangeLog
|
@ -1,3 +1,148 @@
|
||||||
|
Changes in version 0.2.4.11-alpha - 2013-03-11
|
||||||
|
Tor 0.2.4.11-alpha makes relay measurement by directory authorities
|
||||||
|
more robust, makes hidden service authentication work again, and
|
||||||
|
resolves a DPI fingerprint for Tor's SSL transport.
|
||||||
|
|
||||||
|
o Major features (directory authorities):
|
||||||
|
- Directory authorities now support a new consensus method (17)
|
||||||
|
where they cap the published bandwidth of servers for which
|
||||||
|
insufficient bandwidth measurements exist. Fixes part of bug 2286.
|
||||||
|
- Directory authorities that set "DisableV2DirectoryInfo_ 1" no longer
|
||||||
|
serve any v2 directory information. Now we can test disabling the
|
||||||
|
old deprecated v2 directory format, and see whether doing so has
|
||||||
|
any effect on network load. Begins to fix bug 6783.
|
||||||
|
- Directory authorities now include inside each vote a statement of
|
||||||
|
the performance thresholds they used when assigning flags.
|
||||||
|
Implements ticket 8151.
|
||||||
|
|
||||||
|
o Major bugfixes (directory authorities):
|
||||||
|
- Stop marking every relay as having been down for one hour every
|
||||||
|
time we restart a directory authority. These artificial downtimes
|
||||||
|
were messing with our Stable and Guard flag calculations. Fixes
|
||||||
|
bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (hidden services):
|
||||||
|
- Allow hidden service authentication to succeed again. When we
|
||||||
|
refactored the hidden service introduction code back
|
||||||
|
in 0.2.4.1-alpha, we didn't update the code that checks
|
||||||
|
whether authentication information is present, causing all
|
||||||
|
authentication checks to return "false". Fix for bug 8207; bugfix
|
||||||
|
on 0.2.4.1-alpha. Found by Coverity; this is CID 718615.
|
||||||
|
|
||||||
|
o Minor features (relays, bridges):
|
||||||
|
- Make bridge relays check once a minute for whether their IP
|
||||||
|
address has changed, rather than only every 15 minutes. Resolves
|
||||||
|
bugs 1913 and 1992.
|
||||||
|
- Refactor resolve_my_address() so it returns the method by which we
|
||||||
|
decided our public IP address (explicitly configured, resolved from
|
||||||
|
explicit hostname, guessed from interfaces, learned by gethostname).
|
||||||
|
Now we can provide more helpful log messages when a relay guesses
|
||||||
|
its IP address incorrectly (e.g. due to unexpected lines in
|
||||||
|
/etc/hosts). Resolves ticket 2267.
|
||||||
|
- Teach bridge-using clients to avoid 0.2.2 bridges when making
|
||||||
|
microdescriptor-related dir requests, and only fall back to normal
|
||||||
|
descriptors if none of their bridges can handle microdescriptors
|
||||||
|
(as opposed to the fix in ticket 4013, which caused them to fall
|
||||||
|
back to normal descriptors if *any* of their bridges preferred
|
||||||
|
them). Resolves ticket 4994.
|
||||||
|
- Randomize the lifetime of our SSL link certificate, so censors can't
|
||||||
|
use the static value for filtering Tor flows. Resolves ticket 8443;
|
||||||
|
related to ticket 4014 which was included in 0.2.2.33.
|
||||||
|
|
||||||
|
o Minor features (portability):
|
||||||
|
- Tweak the curve25519-donna*.c implementations to tolerate systems
|
||||||
|
that lack stdint.h. Fixes bug 3894; bugfix on 0.2.4.8-alpha.
|
||||||
|
- Use Ville Laurikari's implementation of AX_CHECK_SIGN() to determine
|
||||||
|
the signs of types during autoconf. This is better than our old
|
||||||
|
approach, which didn't work when cross-compiling.
|
||||||
|
- Detect the sign of enum values, rather than assuming that MSC is the
|
||||||
|
only compiler where enum types are all signed. Fixes bug 7727;
|
||||||
|
bugfix on 0.2.4.10-alpha.
|
||||||
|
|
||||||
|
o Minor features (other):
|
||||||
|
- Say "KBytes" rather than "KB" in the man page (for various values
|
||||||
|
of K), to further reduce confusion about whether Tor counts in
|
||||||
|
units of memory or fractions of units of memory. Resolves ticket 7054.
|
||||||
|
- Clear the high bit on curve25519 public keys before passing them to
|
||||||
|
our backend, in case we ever wind up using a backend that doesn't do
|
||||||
|
so itself. If we used such a backend, and *didn't* clear the high bit,
|
||||||
|
we could wind up in a situation where users with such backends would
|
||||||
|
be distinguishable from users without. Fixes bug 8121; bugfix on
|
||||||
|
0.2.4.8-alpha.
|
||||||
|
- Update to the February 6 2013 Maxmind GeoLite Country database.
|
||||||
|
|
||||||
|
o Minor bugfixes (clients):
|
||||||
|
- When we receive a RELAY_END cell with the reason DONE, or with no
|
||||||
|
reason, before receiving a RELAY_CONNECTED cell, report the SOCKS
|
||||||
|
status as "connection refused". Previously we reported these cases
|
||||||
|
as success but then immediately closed the connection. Fixes bug
|
||||||
|
7902; bugfix on 0.1.0.1-rc. Reported by "oftc_must_be_destroyed".
|
||||||
|
- Downgrade an assertion in connection_ap_expire_beginning to an
|
||||||
|
LD_BUG message. The fix for bug 8024 should prevent this message
|
||||||
|
from displaying, but just in case, a warn that we can diagnose
|
||||||
|
is better than more assert crashes. Fixes bug 8065; bugfix on
|
||||||
|
0.2.4.8-alpha.
|
||||||
|
- Lower path use bias thresholds to .80 for notice and .60 for warn.
|
||||||
|
Also make the rate limiting flags for the path use bias log messages
|
||||||
|
independent from the original path bias flags. Fixes bug 8161;
|
||||||
|
bugfix on 0.2.4.10-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (relays):
|
||||||
|
- Stop trying to resolve our hostname so often (e.g. every time we
|
||||||
|
think about doing a directory fetch). Now we reuse the cached
|
||||||
|
answer in some cases. Fixes bugs 1992 (bugfix on 0.2.0.20-rc)
|
||||||
|
and 2410 (bugfix on 0.1.2.2-alpha).
|
||||||
|
- Stop sending a stray "(null)" in some cases for the server status
|
||||||
|
"EXTERNAL_ADDRESS" controller event. Resolves bug 8200; bugfix
|
||||||
|
on 0.1.2.6-alpha.
|
||||||
|
- When choosing which stream on a formerly stalled circuit to wake
|
||||||
|
first, make better use of the platform's weak RNG. Previously,
|
||||||
|
we had been using the % ("modulo") operator to try to generate a
|
||||||
|
1/N chance of picking each stream, but this behaves badly with
|
||||||
|
many platforms' choice of weak RNG. Fixes bug 7801; bugfix on
|
||||||
|
0.2.2.20-alpha.
|
||||||
|
- Use our own weak RNG when we need a weak RNG. Windows's rand() and
|
||||||
|
Irix's random() only return 15 bits; Solaris's random() returns more
|
||||||
|
bits but its RAND_MAX says it only returns 15, and so on. Motivated
|
||||||
|
by the fix for bug 7801; bugfix on 0.2.2.20-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (directory authorities):
|
||||||
|
- Directory authorities now use less space when formatting identical
|
||||||
|
microdescriptor lines in directory votes. Fixes bug 8158; bugfix
|
||||||
|
on 0.2.4.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (memory leaks spotted by Coverity -- bug 7816):
|
||||||
|
- Avoid leaking memory if we fail to compute a consensus signature
|
||||||
|
or we generate a consensus we can't parse. Bugfix on 0.2.0.5-alpha.
|
||||||
|
- Fix a memory leak when receiving headers from an HTTPS proxy. Bugfix
|
||||||
|
on 0.2.1.1-alpha.
|
||||||
|
- Fix a memory leak during safe-cookie controller authentication.
|
||||||
|
Bugfix on 0.2.3.13-alpha.
|
||||||
|
- Avoid memory leak of IPv6 policy content if we fail to format it into
|
||||||
|
a router descriptor. Bugfix on 0.2.4.7-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (other code correctness issues):
|
||||||
|
- Avoid a crash if we fail to generate an extrainfo descriptor.
|
||||||
|
Fixes bug 8208; bugfix on 0.2.3.16-alpha. Found by Coverity;
|
||||||
|
this is CID 718634.
|
||||||
|
- When detecting the largest possible file descriptor (in order to
|
||||||
|
close all file descriptors when launching a new program), actually
|
||||||
|
use _SC_OPEN_MAX. The old code for doing this was very, very broken.
|
||||||
|
Fixes bug 8209; bugfix on 0.2.3.1-alpha. Found by Coverity; this
|
||||||
|
is CID 743383.
|
||||||
|
- Fix a copy-and-paste error when adding a missing A1 to a routerset
|
||||||
|
because of GeoIPExcludeUnknown. Fix for Coverity CID 980650.
|
||||||
|
Bugfix on 0.2.4.10-alpha.
|
||||||
|
- Fix an impossible-to-trigger integer overflow when estimating how
|
||||||
|
long our onionskin queue would take. (This overflow would require us
|
||||||
|
to accept 4 million onionskins before processing 100 of them.) Fixes
|
||||||
|
bug 8210; bugfix on 0.2.4.10-alpha.
|
||||||
|
|
||||||
|
o Code simplification and refactoring:
|
||||||
|
- Add a wrapper function for the common "log a message with a
|
||||||
|
rate-limit" case.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.4.10-alpha - 2013-02-04
|
Changes in version 0.2.4.10-alpha - 2013-02-04
|
||||||
Tor 0.2.4.10-alpha adds defenses at the directory authority level from
|
Tor 0.2.4.10-alpha adds defenses at the directory authority level from
|
||||||
certain attacks that flood the network with relays; changes the queue
|
certain attacks that flood the network with relays; changes the queue
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Major features (deprecation):
|
|
||||||
- There's now a "DisableV2DirectoryInfo_" option that prevents us
|
|
||||||
from serving any directory requests for v2 directory information.
|
|
||||||
This is for us to test disabling the old deprecated V2 directory
|
|
||||||
format, so that we can see whether doing so has any effect on
|
|
||||||
network load. Part of a fix for bug 6783.
|
|
|
@ -1,11 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- Stop trying to resolve our hostname so often (e.g. every time we
|
|
||||||
think about doing a directory fetch). Now we reuse the cached
|
|
||||||
answer in some cases. Fixes bugs 1992 (bugfix on 0.2.0.20-rc)
|
|
||||||
and 2410 (bugfix on 0.1.2.2-alpha).
|
|
||||||
|
|
||||||
o Minor features:
|
|
||||||
- Make bridge relays check once a minute for whether their IP
|
|
||||||
address has changed, rather than only every 15 minutes. Resolves
|
|
||||||
bugs 1913 and 1992.
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Major features (directory authority):
|
|
||||||
- Directory authorities now support a new consensus method (17)
|
|
||||||
where they cap the published bandwidth of servers for which
|
|
||||||
insufficient bandwidth measurements exist. Fixes part of bug
|
|
||||||
2286.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (man page):
|
|
||||||
- Say "KBytes" rather than "KB" in the man page (for various values
|
|
||||||
of K), to further reduce confusion about whether Tor counts in
|
|
||||||
units of memory or fractions of units of memory. Fixes bug 7054.
|
|
|
@ -1,13 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- When choosing which stream on a formerly stalled circuit to wake
|
|
||||||
first, make better use of the platform's weak RNG. Previously, we
|
|
||||||
had been using the % ("modulo") operator to try to generate a 1/N
|
|
||||||
chance of picking each stream, but this behaves badly with many
|
|
||||||
platforms' choice of weak RNG. Fix for bug 7801; bugfix on
|
|
||||||
0.2.2.20-alpha.
|
|
||||||
- Use our own weak RNG when we need a weak RNG. Windows's rand()
|
|
||||||
and Irix's random() only return 15 bits; Solaris's random()
|
|
||||||
returns more bits but its RAND_MAX says it only returns 15, and
|
|
||||||
so on. Fixes another aspect of bug 7801; bugfix on
|
|
||||||
0.2.2.20-alpha.
|
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- Avoid leaking IPv6 policy content if we fail to format it into
|
|
||||||
a router descriptor. Spotted by Coverity. Fixes part of 7816;
|
|
||||||
bugfix on 0.2.4.7-alpha.
|
|
||||||
|
|
||||||
- Avoid leaking memory if we fail to compute a consensus signature
|
|
||||||
or we generated a consensus we couldn't parse. Spotted by Coverity.
|
|
||||||
Fixes part of 7816; bugfix on 0.2.0.5-alpha.
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Minor bugfixes (memory leak, controller):
|
|
||||||
- Fix a memory leak during safe-cookie controller authentication.
|
|
||||||
Spotted by Coverity. Fixes part of bug 7816; bugfix on 0.2.3.13-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (memory leak, HTTPS proxy support):
|
|
||||||
- Fix a memory leak when receiving headers from an HTTPS proxy.
|
|
||||||
Spotted by Coverity. Fixes part of bug 7816; bugfix on 0.2.1.1-alpha.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- Fix various places where we leak file descriptors or memory on
|
|
||||||
error cases. Spotted by coverity. Fixes parts of bug 7816.
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- When we receive a RELAY_END cell with the reason DONE, or with no
|
|
||||||
reason, before receiving a RELAY_CONNECTED cell, report the SOCKS
|
|
||||||
status as "connection refused." Previously we reporting these
|
|
||||||
cases as success but then immediately closing the connection.
|
|
||||||
Fixes bug 7902; bugfix on 0.1.0.1-rc. Reported by "oftc_must_
|
|
||||||
be_destroyed."
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- Downgrade an assertion in connection_ap_expire_beginning to
|
|
||||||
an LD_BUG message. The fix for bug 8024 should prevent this
|
|
||||||
message from displaying, but just in case a warn that we can
|
|
||||||
diagnose is better than more assert crashes. Fix for bug 8065;
|
|
||||||
bugfix on 0.2.4.8-alpha.
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Clear the high bit on curve25519 public keys before passing them to
|
|
||||||
our backend, in case we ever wind up using a backend that doesn't do
|
|
||||||
so itself. If we used such a backend, and *didn't* clear the high bit,
|
|
||||||
we could wind up in a situation where users with such backends would
|
|
||||||
be distinguishable from users without. Fix for bug 8121; bugfix on
|
|
||||||
0.2.4.8-alpha.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor features (directory authority):
|
|
||||||
- Include inside each vote a statement of the performance
|
|
||||||
thresholds that made the authority vote for its flags. Implements
|
|
||||||
ticket 8151.
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- Use less space when formatting identical microdescriptor lines in
|
|
||||||
directory votes. Fixes bug 8158; bugfix on 0.2.4.1-alpha.
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Minor changes:
|
|
||||||
- Lower path use bias thresholds to .80 for notice and .60 for warn.
|
|
||||||
Fixes bug #8161; bugfix on 0.2.4.10-alpa.
|
|
||||||
- Make the rate limiting flags for the path use bias log messages
|
|
||||||
independent from the original path bias flags. Fixes bug #8161;
|
|
||||||
bugfix on 0.2.4.10-alpha.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfix:
|
|
||||||
- Stop sending a stray "(null)" in some cases for the server status
|
|
||||||
"EXTERNAL_ADDRESS" controller event. Resolves bug 8200; bugfix
|
|
||||||
on 0.1.2.6-alpha.
|
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Major bugfixes (hidden services):
|
|
||||||
- Allow hidden service authentication to succeed again. When we
|
|
||||||
refactored the hidden service introduction code back in 0.2.4.1-alpha,
|
|
||||||
we didn't update the code that checks whether authentication
|
|
||||||
information is present, causing all authentication checks to
|
|
||||||
return "false". Fix for bug 8207; bugfix on 0.2.4.1-alpha. Found by
|
|
||||||
Coverity; this is CID 718615.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- Avoid a crash if we fail to generate an extrinfo descriptor.
|
|
||||||
Fixes bug 8208; bugfix on 0.2.3.16-alpha. Found by Coverity;
|
|
||||||
this is CID 718634.
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- When detecting the largest possible file descriptor (in order to close
|
|
||||||
all file descriptors when launching a new program), actually use
|
|
||||||
_SC_OPEN_MAX. The old code for doing this was very, very broken.
|
|
||||||
Fix for bug 8209; bugfix on 0.2.3.1-alpha. Found by Coverity; this
|
|
||||||
is CID 743383.
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- Fix an impossible-to-trigger integer overflow when
|
|
||||||
estimating how long out onionskin queue would take. (This overflow
|
|
||||||
would require us to accept 4 million onionskins before processing
|
|
||||||
100 of them.) Fixes bug 8210; bugfix on 0.2.4.10-alpha.
|
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Major bugfixes:
|
|
||||||
- Stop marking every relay as having been down for one hour every
|
|
||||||
time we restart a directory authority. These artificial downtimes
|
|
||||||
were messing with our Stable and Guard flag calculations. Fixes
|
|
||||||
bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha.
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- Fix a copy-and-paste error when adding a missing A1 to a routerset
|
|
||||||
because of GeoIPExcludeUnknown. Fix for coverity CID 980650.
|
|
||||||
Bugfix on 0.2.4.10-alpha.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Code simplification and refactoring:
|
|
||||||
- Add a wrapper function for the common "log a message with a rate-limit"
|
|
||||||
case.
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Teach bridge-using clients to avoid 0.2.2 bridges when making
|
|
||||||
microdescriptor-related dir requests, and only fall back to normal
|
|
||||||
descriptors if none of their bridges can handle microdescriptors
|
|
||||||
(as opposed to the fix in ticket 4013, which caused them to fall
|
|
||||||
back to normal descriptors if *any* of their bridges preferred
|
|
||||||
them). Resolves ticket 4994.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Update to the February 6 2013 Maxmind GeoLite Country database.
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (portability)
|
|
||||||
- Tweak the curve25519-donna*.c implementations to tolerate systems
|
|
||||||
that lack stdint.h. Fixes bug 3894; bugfix on 0.2.4.8-alpha.
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Code simplifications and refactoring:
|
|
||||||
- Use Ville Laurikari's implementation of AX_CHECK_SIGN() to determine
|
|
||||||
the signs of types during autoconf. This is better than our old
|
|
||||||
approach, which didn't work when cross-compiling.
|
|
||||||
- Detect the sign of enum values, rather than assuming that MSC is the
|
|
||||||
only compiler where enum types are all signed. Fix for bug 7727;
|
|
||||||
bugfix on 0.2.4.10-alpha.
|
|
|
@ -1,8 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Refactor resolve_my_address() so it returns the method by which we
|
|
||||||
decided our public IP address (explicitly configured, resolved from
|
|
||||||
explicit hostname, guessed from interfaces, learned by gethostname).
|
|
||||||
Now we can provide more helpful log messages when a relay guesses
|
|
||||||
its IP address incorrectly (e.g. due to unexpected lines in
|
|
||||||
/etc/hosts). Resolves ticket 2267.
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Randomize the lifetime of our SSL link certificate, so censors can't
|
|
||||||
use the static value for filtering Tor flows. Resolves ticket 8443;
|
|
||||||
related to ticket 4014 which was included in 0.2.2.33.
|
|
Loading…
Reference in New Issue