1 Changes in version 0.2.2.23-alpha - 2011-03-08
2 Tor 0.2.2.23-alpha lets relays record their bandwidth history so when
3 they restart they don't lose their bandwidth capacity estimate. This
4 release also fixes a diverse set of user-facing bugs, ranging from
5 relays overrunning their rate limiting to clients falsely warning about
6 clock skew to bridge descriptor leaks by our bridge directory authority.
7
8 o Major bugfixes:
9 - Stop sending a CLOCK_SKEW controller status event whenever
10 we fetch directory information from a relay that has a wrong clock.
11 Instead, only inform the controller when it's a trusted authority
12 that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes
13 the rest of bug 1074.
14 - Fix an assert in parsing router descriptors containing IPv6
15 addresses. This one took down the directory authorities when
16 somebody tried some experimental code. Bugfix on 0.2.1.3-alpha.
17 - Make the bridge directory authority refuse to answer directory
18 requests for "all" descriptors. It used to include bridge
19 descriptors in its answer, which was a major information leak.
20 Found by "piebeer". Bugfix on 0.2.0.3-alpha.
21 - If relays set RelayBandwidthBurst but not RelayBandwidthRate,
22 Tor would ignore their RelayBandwidthBurst setting,
23 potentially using more bandwidth than expected. Bugfix on
24 0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470.
25 - Ignore and warn if the user mistakenly sets "PublishServerDescriptor
26 hidserv" in her torrc. The 'hidserv' argument never controlled
27 publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha.
28
29 o Major features:
30 - Relays now save observed peak bandwidth throughput rates to their
31 state file (along with total usage, which was already saved)
32 so that they can determine their correct estimated bandwidth on
33 restart. Resolves bug 1863, where Tor relays would reset their
34 estimated bandwidth to 0 after restarting.
35 - Directory authorities now take changes in router IP address and
36 ORPort into account when determining router stability. Previously,
37 if a router changed its IP or ORPort, the authorities would not
38 treat it as having any downtime for the purposes of stability
39 calculation, whereas clients would experience downtime since the
40 change could take a while to propagate to them. Resolves issue 1035.
41 - Enable Address Space Layout Randomization (ASLR) and Data Execution
42 Prevention (DEP) by default on Windows to make it harder for
43 attackers to exploit vulnerabilities. Patch from John Brooks.
44
45 o Minor bugfixes (on 0.2.1.x and earlier):
46 - Fix a rare crash bug that could occur when a client was configured
47 with a large number of bridges. Fixes bug 2629; bugfix on
48 0.2.1.2-alpha. Bugfix by trac user "shitlei".
49 - Avoid a double mark-for-free warning when failing to attach a
50 transparent proxy connection. Bugfix on 0.1.2.1-alpha. Fixes
51 bug 2279.
52 - Correctly detect failure to allocate an OpenSSL BIO. Fixes bug 2378;
53 found by "cypherpunks". This bug was introduced before the first
54 Tor release, in svn commit r110.
55 - Country codes aren't supported in EntryNodes until 0.2.3.x, so
56 don't mention them in the manpage. Fixes bug 2450; issue
57 spotted by keb and G-Lo.
58 - Fix a bug in bandwidth history state parsing that could have been
59 triggered if a future version of Tor ever changed the timing
60 granularity at which bandwidth history is measured. Bugfix on
61 Tor 0.1.1.11-alpha.
62 - When a relay decides that its DNS is too broken for it to serve
63 as an exit server, it advertised itself as a non-exit, but
64 continued to act as an exit. This could create accidental
65 partitioning opportunities for users. Instead, if a relay is
66 going to advertise reject *:* as its exit policy, it should
67 really act with exit policy "reject *:*". Fixes bug 2366.
68 Bugfix on Tor 0.1.2.5-alpha. Bugfix by user "postman" on trac.
69 - In the special case where you configure a public exit relay as your
70 bridge, Tor would be willing to use that exit relay as the last
71 hop in your circuit as well. Now we fail that circuit instead.
72 Bugfix on 0.2.0.12-alpha. Fixes bug 2403. Reported by "piebeer".
73 - Fix a bug with our locking implementation on Windows that couldn't
74 correctly detect when a file was already locked. Fixes bug 2504,
75 bugfix on 0.2.1.6-alpha.
76 - Fix IPv6-related connect() failures on some platforms (BSD, OS X).
77 Bugfix on 0.2.0.3-alpha; fixes first part of bug 2660. Patch by
78 "piebeer".
79 - Set target port in get_interface_address6() correctly. Bugfix
80 on 0.1.1.4-alpha and 0.2.0.3-alpha; fixes second part of bug 2660.
81 - Directory authorities are now more robust to hops back in time
82 when calculating router stability. Previously, if a run of uptime
83 or downtime appeared to be negative, the calculation could give
84 incorrect results. Bugfix on 0.2.0.6-alpha; noticed when fixing
85 bug 1035.
86 - Fix an assert that got triggered when using the TestingTorNetwork
87 configuration option and then issuing a GETINFO config-text control
88 command. Fixes bug 2250; bugfix on 0.2.1.2-alpha.
89
90 o Minor bugfixes (on 0.2.2.x):
91 - Clients should not weight BadExit nodes as Exits in their node
92 selection. Similarly, directory authorities should not count BadExit
93 bandwidth as Exit bandwidth when computing bandwidth-weights.
94 Bugfix on 0.2.2.10-alpha; fixes bug 2203.
95 - Correctly clear our dir_read/dir_write history when there is an
96 error parsing any bw history value from the state file. Bugfix on
97 Tor 0.2.2.15-alpha.
98 - Resolve a bug in verifying signatures of directory objects
99 with digests longer than SHA1. Bugfix on 0.2.2.20-alpha.
100 Fixes bug 2409. Found by "piebeer".
101 - Bridge authorities no longer crash on SIGHUP when they try to
102 publish their relay descriptor to themselves. Fixes bug 2572. Bugfix
103 on 0.2.2.22-alpha.
104
105 o Minor features:
106 - Log less aggressively about circuit timeout changes, and improve
107 some other circuit timeout messages. Resolves bug 2004.
108 - Log a little more clearly about the times at which we're no longer
109 accepting new connections. Resolves bug 2181.
110 - Reject attempts at the client side to open connections to private
111 IP addresses (like 127.0.0.1, 10.0.0.1, and so on) with
112 a randomly chosen exit node. Attempts to do so are always
113 ill-defined, generally prevented by exit policies, and usually
114 in error. This will also help to detect loops in transparent
115 proxy configurations. You can disable this feature by setting
116 "ClientRejectInternalAddresses 0" in your torrc.
117 - Always treat failure to allocate an RSA key as an unrecoverable
118 allocation error.
119 - Update to the March 1 2011 Maxmind GeoLite Country database.
120
121 o Minor features (log subsystem):
122 - Add documentation for configuring logging at different severities in
123 different log domains. We've had this feature since 0.2.1.1-alpha,
124 but for some reason it never made it into the manpage. Fixes
125 bug 2215.
126 - Make it simpler to specify "All log domains except for A and B".
127 Previously you needed to say "[*,~A,~
". Now you can just say
128 "[~A,~
".
129 - Add a "LogMessageDomains 1" option to include the domains of log
130 messages along with the messages. Without this, there's no way
131 to use log domains without reading the source or doing a lot
132 of guessing.
133
134 o Packaging changes:
135 - Stop shipping the Tor specs files and development proposal documents
136 in the tarball. They are now in a separate git repository at
137 git://git.torproject.org/torspec.git