pkgsrc-WIP-cvs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: wip/tor-dev
Module name: wip
Committed by: athaba
Date: Fri Dec 3 15:37:16 UTC 2010
Modified Files:
wip/tor-dev: Makefile distinfo
Log Message:
Changes in version 0.2.2.19-alpha - 2010-11-22
Yet another OpenSSL security patch broke its compatibility with Tor:
Tor 0.2.2.19-alpha makes relays work with OpenSSL 0.9.8p and 1.0.0.b.
o Major bugfixes:
- Resolve an incompatibility with OpenSSL 0.9.8p and OpenSSL 1.0.0b:
No longer set the tlsext_host_name extension on server SSL objects;
but continue to set it on client SSL objects. Our goal in setting
it was to imitate a browser, not a vhosting server. Fixes bug 2204;
bugfix on 0.2.1.1-alpha.
o Minor bugfixes:
- Try harder not to exceed the maximum length of 50 KB when writing
statistics to extra-info descriptors. This bug was triggered by very
fast relays reporting exit-port, entry, and dirreq statistics.
Reported by Olaf Selke. Bugfix on 0.2.2.1-alpha. Fixes bug 2183.
- Publish a router descriptor even if generating an extra-info
descriptor fails. Previously we would not publish a router
descriptor without an extra-info descriptor; this can cause fast
exit relays collecting exit-port statistics to drop from the
consensus. Bugfix on 0.1.2.9-rc; fixes bug 2195.
Changes in version 0.2.2.18-alpha - 2010-11-16
Tor 0.2.2.18-alpha fixes several crash bugs that have been nagging
us lately, makes unpublished bridge relays able to detect their IP
address, and fixes a wide variety of other bugs to get us much closer
to a stable release.
o Major bugfixes:
- Do even more to reject (and not just ignore) annotations on
router descriptors received anywhere but from the cache. Previously
we would ignore such annotations at first, but cache them to disk
anyway. Bugfix on 0.2.0.8-alpha. Found by piebeer.
- Do not log messages to the controller while shrinking buffer
freelists. Doing so would sometimes make the controller connection
try to allocate a buffer chunk, which would mess up the internals
of the freelist and cause an assertion failure. Fixes bug 1125;
fixed by Robert Ransom. Bugfix on 0.2.0.16-alpha.
- Learn our external IP address when we're a relay or bridge, even if
we set PublishServerDescriptor to 0. Bugfix on 0.2.0.3-alpha,
where we introduced bridge relays that don't need to publish to
be useful. Fixes bug 2050.
- Maintain separate TLS contexts and certificates for incoming and
outgoing connections in bridge relays. Previously we would use the
same TLS contexts and certs for incoming and outgoing connections.
Bugfix on 0.2.0.3-alpha; addresses bug 988.
- Maintain separate identity keys for incoming and outgoing TLS
contexts in bridge relays. Previously we would use the same
identity keys for incoming and outgoing TLS contexts. Bugfix on
0.2.0.3-alpha; addresses the other half of bug 988.
- Avoid an assertion failure when we as an authority receive a
duplicate upload of a router descriptor that we already have,
but which we previously considered an obsolete descriptor.
Fixes another case of bug 1776. Bugfix on 0.2.2.16-alpha.
- Avoid a crash bug triggered by looking at a dangling pointer while
setting the network status consensus. Found by Robert Ransom.
Bugfix on 0.2.2.17-alpha. Fixes bug 2097.
- Fix a logic error where servers that _didn't_ act as exits would
try to keep their server lists more aggressively up to date than
exits, when it was supposed to be the other way around. Bugfix
on 0.2.2.17-alpha.
o Minor bugfixes (on Tor 0.2.1.x and earlier):
- When we're trying to guess whether we know our IP address as
a relay, we would log various ways that we failed to guess
our address, but never log that we ended up guessing it
successfully. Now add a log line to help confused and anxious
relay operators. Bugfix on 0.1.2.1-alpha; fixes bug 1534.
- Bring the logic that gathers routerinfos and assesses the
acceptability of circuits into line. This prevents a Tor OP from
getting locked in a cycle of choosing its local OR as an exit for a
path (due to a .exit request) and then rejecting the circuit because
its OR is not listed yet. It also prevents Tor clients from using an
OR running in the same instance as an exit (due to a .exit request)
if the OR does not meet the same requirements expected of an OR
running elsewhere. Fixes bug 1859; bugfix on 0.1.0.1-rc.
- Correctly describe errors that occur when generating a TLS object.
Previously we would attribute them to a failure while generating a
TLS context. Patch by Robert Ransom. Bugfix on 0.1.0.4-rc; fixes
bug 1994.
- Enforce multiplicity rules when parsing annotations. Bugfix on
0.2.0.8-alpha. Found by piebeer.
- Fix warnings that newer versions of autoconf produced during
./autogen.sh. These warnings appear to be harmless in our case,
but they were extremely verbose. Fixes bug 2020.
o Minor bugfixes (on Tor 0.2.2.x):
- Enable protection of small arrays whenever we build with gcc
hardening features, not only when also building with warnings
enabled. Fixes bug 2031; bugfix on 0.2.2.14-alpha. Reported by keb.
o Minor features:
- Make hidden services work better in private Tor networks by not
requiring any uptime to join the hidden service descriptor
DHT. Implements ticket 2088.
- Rate-limit the "your application is giving Tor only an IP address"
warning. Addresses bug 2000; bugfix on 0.0.8pre2.
- When AllowSingleHopExits is set, print a warning to explain to the
relay operator why most clients are avoiding her relay.
- Update to the November 1 2010 Maxmind GeoLite Country database.
o Code simplifications and refactoring:
- When we fixed bug 1038 we had to put in a restriction not to send
RELAY_EARLY cells on rend circuits. This was necessary as long
as relays using Tor 0.2.1.3-alpha through 0.2.1.18-alpha were
active. Now remove this obsolete check. Resolves bug 2081.
- Some options used different conventions for uppercasing of acronyms
when comparing manpage and source. Fix those in favor of the
manpage, as it makes sense to capitalize acronyms.
- Remove the torrc.complete file. It hasn't been kept up to date
and users will have better luck checking out the manpage.
- Remove the obsolete "NoPublish" option; it has been flagged
as obsolete and has produced a warning since 0.1.1.18-rc.
- Remove everything related to building the expert bundle for OS X.
It has confused many users, doesn't work right on OS X 10.6,
and is hard to get rid of once installed. Resolves bug 1274.
Changes in version 0.2.2.17-alpha - 2010-09-30
Tor 0.2.2.17-alpha introduces a feature to make it harder for clients
to use one-hop circuits (which can put the exit relays at higher risk,
plus unbalance the network); fixes a big bug in bandwidth accounting
for relays that want to limit their monthly bandwidth use; fixes a
big pile of bugs in how clients tolerate temporary network failure;
and makes our adaptive circuit build timeout feature (which improves
client performance if your network is fast while not breaking things
if your network is slow) better handle bad networks.
o Major features:
- Exit relays now try harder to block exit attempts from unknown
relays, to make it harder for people to use them as one-hop proxies
a la tortunnel. Controlled by the refuseunknownexits consensus
parameter (currently enabled), or you can override it on your
relay with the RefuseUnknownExits torrc option. Resolves bug 1751.
o Major bugfixes (0.2.1.x and earlier):
- Fix a bug in bandwidth accounting that could make us use twice
the intended bandwidth when our interval start changes due to
daylight saving time. Now we tolerate skew in stored vs computed
interval starts: if the start of the period changes by no more than
50% of the period's duration, we remember bytes that we transferred
in the old period. Fixes bug 1511; bugfix on 0.0.9pre5.
- Always search the Windows system directory for system DLLs, and
nowhere else. Bugfix on 0.1.1.23; fixes bug 1954.
- When you're using bridges and your network goes away and your
bridges get marked as down, recover when you attempt a new socks
connection (if the network is back), rather than waiting up to an
hour to try fetching new descriptors for your bridges. Bugfix on
0.2.0.3-alpha; fixes bug 1981.
o Major bugfixes (on 0.2.2.x):
- Fix compilation on Windows. Bugfix on 0.2.2.16-alpha; related to
bug 1797.
- Fix a segfault that could happen when operating a bridge relay with
no GeoIP database set. Fixes bug 1964; bugfix on 0.2.2.15-alpha.
- The consensus bandwidth-weights (used by clients to choose fast
relays) entered an unexpected edge case in September where
Exits were much scarcer than Guards, resulting in bad weight
recommendations. Now we compute them using new constraints that
should succeed in all cases. Also alter directory authorities to
not include the bandwidth-weights line if they fail to produce
valid values. Fixes bug 1952; bugfix on 0.2.2.10-alpha.
- When weighting bridges during path selection, we used to trust
the bandwidths they provided in their descriptor, only capping them
at 10MB/s. This turned out to be problematic for two reasons:
Bridges could claim to handle a lot more traffic then they
actually would, thus making more clients pick them and have a
pretty effective DoS attack. The other issue is that new bridges
that might not have a good estimate for their bw capacity yet
would not get used at all unless no other bridges are available
to a client. Fixes bug 1912; bugfix on 0.2.2.7-alpha.
o Major bugfixes (on the circuit build timeout feature, 0.2.2.x):
- Ignore cannibalized circuits when recording circuit build times.
This should provide for a minor performance improvement for hidden
service users using 0.2.2.14-alpha, and should remove two spurious
notice log messages. Bugfix on 0.2.2.14-alpha; fixes bug 1740.
- Simplify the logic that causes us to decide if the network is
unavailable for purposes of recording circuit build times. If we
receive no cells whatsoever for the entire duration of a circuit's
full measured lifetime, the network is probably down. Also ignore
one-hop directory fetching circuit timeouts when calculating our
circuit build times. These changes should hopefully reduce the
cases where we see ridiculous circuit build timeouts for people
with spotty wireless connections. Fixes part of bug 1772; bugfix
on 0.2.2.2-alpha.
- Prevent the circuit build timeout from becoming larger than
the maximum build time we have ever seen. Also, prevent the time
period for measurement circuits from becoming larger than twice that
value. Fixes the other part of bug 1772; bugfix on 0.2.2.2-alpha.
o Minor features:
- When we run out of directory information such that we can't build
circuits, but then get enough that we can build circuits, log when
we actually construct a circuit, so the user has a better chance of
knowing what's going on. Fixes bug 1362.
- Be more generous with how much bandwidth we'd use up (with
accounting enabled) before entering "soft hibernation". Previously,
we'd refuse new connections and circuits once we'd used up 95% of
our allotment. Now, we use up 95% of our allotment, AND make sure
that we have no more than 500MB (or 3 hours of expected traffic,
whichever is lower) remaining before we enter soft hibernation.
- If we've configured EntryNodes and our network goes away and/or all
our entrynodes get marked down, optimistically retry them all when
a new socks application request appears. Fixes bug 1882.
- Add some more defensive programming for architectures that can't
handle unaligned integer accesses. We don't know of any actual bugs
right now, but that's the best time to fix them. Fixes bug 1943.
- Support line continuations in the torrc config file. If a line
ends with a single backslash character, the newline is ignored, and
the configuration value is treated as continuing on the next line.
Resolves bug 1929.
o Minor bugfixes (on 0.2.1.x and earlier):
- For bandwidth accounting, calculate our expected bandwidth rate
based on the time during which we were active and not in
soft-hibernation during the last interval. Previously, we were
also considering the time spent in soft-hibernation. If this
was a long time, we would wind up underestimating our bandwidth
by a lot, and skewing our wakeup time towards the start of the
accounting interval. Fixes bug 1789. Bugfix on 0.0.9pre5.
o Minor bugfixes (on 0.2.2.x):
- Resume generating CIRC FAILED REASON=TIMEOUT control port messages,
which were disabled by the circuit build timeout changes in
0.2.2.14-alpha. Bugfix on 0.2.2.14-alpha; fixes bug 1739.
- Make sure we don't warn about missing bandwidth weights when
choosing bridges or other relays not in the consensus. Bugfix on
0.2.2.10-alpha; fixes bug 1805.
- In our logs, do not double-report signatures from unrecognized
authorities both as "from unknown authority" and "not
present". Fixes bug 1956, bugfix on 0.2.2.16-alpha.
Changes in version 0.2.2.16-alpha - 2010-09-17
Tor 0.2.2.16-alpha fixes a variety of old stream fairness bugs (most
evident at exit relays), and also continues to resolve all the little
bugs that have been filling up trac lately.
o Major bugfixes (stream-level fairness):
- When receiving a circuit-level SENDME for a blocked circuit, try
to package cells fairly from all the streams that had previously
been blocked on that circuit. Previously, we had started with the
oldest stream, and allowed each stream to potentially exhaust
the circuit's package window. This gave older streams on any
given circuit priority over newer ones. Fixes bug 1937. Detected
originally by Camilo Viecco. This bug was introduced before the
first Tor release, in svn commit r152: it is the new winner of
the longest-lived bug prize.
- When the exit relay got a circuit-level sendme cell, it started
reading on the exit streams, even if had 500 cells queued in the
circuit queue already, so the circuit queue just grew and grew in
some cases. We fix this by not re-enabling reading on receipt of a
sendme cell when the cell queue is blocked. Fixes bug 1653. Bugfix
on 0.2.0.1-alpha. Detected by Mashael AlSabah. Original patch by
"yetonetime".
- Newly created streams were allowed to read cells onto circuits,
even if the circuit's cell queue was blocked and waiting to drain.
This created potential unfairness, as older streams would be
blocked, but newer streams would gladly fill the queue completely.
We add code to detect this situation and prevent any stream from
getting more than one free cell. Bugfix on 0.2.0.1-alpha. Partially
fixes bug 1298.
o Minor features:
- Update to the September 1 2010 Maxmind GeoLite Country database.
- Warn when CookieAuthFileGroupReadable is set but CookieAuthFile is
not. This would lead to a cookie that is still not group readable.
Closes bug 1843. Suggested by katmagic.
- When logging a rate-limited warning, we now mention how many messages
got suppressed since the last warning.
- Add new "perconnbwrate" and "perconnbwburst" consensus params to
do individual connection-level rate limiting of clients. The torrc
config options with the same names trump the consensus params, if
both are present. Replaces the old "bwconnrate" and "bwconnburst"
consensus params which were broken from 0.2.2.7-alpha through
0.2.2.14-alpha. Closes bug 1947.
- When a router changes IP address or port, authorities now launch
a new reachability test for it. Implements ticket 1899.
- Make the formerly ugly "2 unknown, 7 missing key, 0 good, 0 bad,
2 no signature, 4 required" messages about consensus signatures
easier to read, and make sure they get logged at the same severity
as the messages explaining which keys are which. Fixes bug 1290.
- Don't warn when we have a consensus that we can't verify because
of missing certificates, unless those certificates are ones
that we have been trying and failing to download. Fixes bug 1145.
- If you configure your bridge with a known identity fingerprint,
and the bridge authority is unreachable (as it is in at least
one country now), fall back to directly requesting the descriptor
from the bridge. Finishes the feature started in 0.2.0.10-alpha;
closes bug 1138.
- When building with --enable-gcc-warnings on OpenBSD, disable
warnings in system headers. This makes --enable-gcc-warnings
pass on OpenBSD 4.8.
o Minor bugfixes (on 0.2.1.x and earlier):
- Authorities will now attempt to download consensuses if their
own efforts to make a live consensus have failed. This change
means authorities that restart will fetch a valid consensus, and
it means authorities that didn't agree with the current consensus
will still fetch and serve it if it has enough signatures. Bugfix
on 0.2.0.9-alpha; fixes bug 1300.
- Ensure DNS requests launched by "RESOLVE" commands from the
controller respect the __LeaveStreamsUnattached setconf options. The
same goes for requests launched via DNSPort or transparent
proxying. Bugfix on 0.2.0.1-alpha; fixes bug 1525.
- Allow handshaking OR connections to take a full KeepalivePeriod
seconds to handshake. Previously, we would close them after
IDLE_OR_CONN_TIMEOUT (180) seconds, the same timeout as if they
were open. Bugfix on 0.2.1.26; fixes bug 1840. Thanks to mingw-san
for analysis help.
- Rate-limit "Failed to hand off onionskin" warnings.
- Never relay a cell for a circuit we have already destroyed.
Between marking a circuit as closeable and finally closing it,
it may have been possible for a few queued cells to get relayed,
even though they would have been immediately dropped by the next
OR in the circuit. Fixes bug 1184; bugfix on 0.2.0.1-alpha.
- Never queue a cell for a circuit that's already been marked
for close.
- Never vote for a server as "Running" if we have a descriptor for
it claiming to be hibernating, and that descriptor was published
more recently than our last contact with the server. Bugfix on
0.2.0.3-alpha; fixes bug 911.
- Squash a compile warning on OpenBSD. Reported by Tas; fixes
bug 1848.
o Minor bugfixes (on 0.2.2.x):
- Fix a regression introduced in 0.2.2.7-alpha that marked relays
down if a directory fetch fails and you've configured either
bridges or EntryNodes. The intent was to mark the relay as down
_unless_ you're using bridges or EntryNodes, since if you are
then you could quickly run out of entry points.
- Fix the Windows directory-listing code. A bug introduced in
0.2.2.14-alpha could make Windows directory servers forget to load
some of their cached v2 networkstatus files.
- Really allow clients to use relays as bridges. Fixes bug 1776;
bugfix on 0.2.2.15-alpha.
- Demote a warn to info that happens when the CellStatistics option
was just enabled. Bugfix on 0.2.2.15-alpha; fixes bug 1921.
Reported by Moritz Bartl.
- On Windows, build correctly either with or without Unicode support.
This is necessary so that Tor can support fringe platforms like
Windows 98 (which has no Unicode), or Windows CE (which has no
non-Unicode). Bugfix on 0.2.2.14-alpha; fixes bug 1797.
o Testing
- Add a unit test for cross-platform directory-listing code.
Changes in version 0.2.2.15-alpha - 2010-08-18
Tor 0.2.2.15-alpha fixes a big bug in hidden service availability,
fixes a variety of other bugs that were preventing performance
experiments from moving forward, fixes several bothersome memory leaks,
and generally closes a lot of smaller bugs that have been filling up
trac lately.
o Major bugfixes:
- Stop assigning the HSDir flag to relays that disable their
DirPort (and thus will refuse to answer directory requests). This
fix should dramatically improve the reachability of hidden services:
hidden services and hidden service clients pick six HSDir relays
to store and retrieve the hidden service descriptor, and currently
about half of the HSDir relays will refuse to work. Bugfix on
0.2.0.10-alpha; fixes part of bug 1693.
- The PerConnBWRate and Burst config options, along with the
bwconnrate and bwconnburst consensus params, initialized each conn's
token bucket values only when the connection is established. Now we
update them if the config options change, and update them every time
we get a new consensus. Otherwise we can encounter an ugly edge
case where we initialize an OR conn to client-level bandwidth,
but then later the relay joins the consensus and we leave it
throttled. Bugfix on 0.2.2.7-alpha; fixes bug 1830.
- Fix a regression that caused Tor to rebind its ports if it receives
SIGHUP while hibernating. Bugfix in 0.1.1.6-alpha; closes bug 919.
o Major features:
- Lower the maximum weighted-fractional-uptime cutoff to 98%. This
should give us approximately 40-50% more Guard-flagged nodes,
improving the anonymity the Tor network can provide and also
decreasing the dropoff in throughput that relays experience when
they first get the Guard flag.
- Allow enabling or disabling the *Statistics config options while
Tor is running.
o Minor features:
- Update to the August 1 2010 Maxmind GeoLite Country database.
- Have the controller interface give a more useful message than
"Internal Error" in response to failed GETINFO requests.
- Warn when the same option is provided more than once in a torrc
file, on the command line, or in a single SETCONF statement, and
the option is one that only accepts a single line. Closes bug 1384.
- Build correctly on mingw with more recent versions of OpenSSL 0.9.8.
Patch from mingw-san.
- Add support for the country code "{??}" in torrc options like
ExcludeNodes, to indicate all routers of unknown country. Closes
bug 1094.
- Relays report the number of bytes spent on answering directory
requests in extra-info descriptors similar to {read,write}-history.
Implements enhancement 1790.
o Minor bugfixes (on 0.2.1.x and earlier):
- Complain if PublishServerDescriptor is given multiple arguments that
include 0 or 1. This configuration will be rejected in the future.
Bugfix on 0.2.0.1-alpha; closes bug 1107.
- Disallow BridgeRelay 1 and ORPort 0 at once in the configuration.
Bugfix on 0.2.0.13-alpha; closes bug 928.
- Change "Application request when we're believed to be offline."
notice to "Application request when we haven't used client
functionality lately.", to clarify that it's not an error. Bugfix
on 0.0.9.3; fixes bug 1222.
- Fix a bug in the controller interface where "GETINFO ns/asdaskljkl"
would return "551 Internal error" rather than "552 Unrecognized key
ns/asdaskljkl". Bugfix on 0.1.2.3-alpha.
- Users can't configure a regular relay to be their bridge. It didn't
work because when Tor fetched the bridge descriptor, it found
that it already had it, and didn't realize that the purpose of the
descriptor had changed. Now we replace routers with a purpose other
than bridge with bridge descriptors when fetching them. Bugfix on
0.1.1.9-alpha. Bug 1776 not yet fixed because now we immediately
refetch the descriptor with router purpose 'general', disabling
it as a bridge.
- Fix a rare bug in rend_fn unit tests: we would fail a test when
a randomly generated port is 0. Diagnosed by Matt Edman. Bugfix
on 0.2.0.10-alpha; fixes bug 1808.
- Exit nodes didn't recognize EHOSTUNREACH as a plausible error code,
and so sent back END_STREAM_REASON_MISC. Clients now recognize a new
stream ending reason for this case: END_STREAM_REASON_NOROUTE.
Servers can start sending this code when enough clients recognize
it. Also update the spec to reflect this new reason. Bugfix on
0.1.0.1-rc; fixes part of bug 1793.
- Delay geoip stats collection by bridges for 6 hours, not 2 hours,
when we switch from being a public relay to a bridge. Otherwise
there will still be clients that see the relay in their consensus,
and the stats will end up wrong. Bugfix on 0.2.1.15-rc; fixes bug
932 even more.
- Instead of giving an assertion failure on an internal mismatch
on estimated freelist size, just log a BUG warning and try later.
Mitigates but does not fix bug 1125.
- Fix an assertion failure that could occur in caches or bridge users
when using a very short voting interval on a testing network.
Diagnosed by Robert Hogan. Fixes bug 1141; bugfix on 0.2.0.8-alpha.
o Minor bugfixes (on 0.2.2.x):
- Alter directory authorities to always consider Exit-flagged nodes
as potential Guard nodes in their votes. The actual decision to
use Exits as Guards is done in the consensus bandwidth weights.
Fixes bug 1294; bugfix on 0.2.2.10-alpha.
- When the controller is reporting the purpose of circuits that
didn't finish building before the circuit build timeout, it was
printing UNKNOWN_13. Now print EXPIRED. Bugfix on 0.2.2.14-alpha.
- Our libevent version parsing code couldn't handle versions like
1.4.14b-stable and incorrectly warned the user about using an
old and broken version of libevent. Treat 1.4.14b-stable like
1.4.14-stable when parsing the version. Fixes bug 1731; bugfix
on 0.2.2.1-alpha.
- Don't use substitution references like $(VAR:MOD) when
$(asciidoc_files) is empty -- make(1) on NetBSD transforms
'$(:x)' to 'x' rather than the empty string. This bites us in
doc/ when configured with --disable-asciidoc. Bugfix on
0.2.2.9-alpha; fixes bug 1773.
- Remove a spurious hidden service server-side log notice about
"Ancient non-dirty circuits". Bugfix on 0.2.2.14-alpha; fixes
bug 1741.
- Fix compilation with --with-dmalloc set. Bugfix on 0.2.2.6-alpha;
fixes bug 1832.
- Correctly report written bytes on linked connections. Found while
implementing 1790. Bugfix on 0.2.2.4-alpha.
- Fix three memory leaks: one in circuit_build_times_parse_state(),
one in dirvote_add_signatures_to_pending_consensus(), and one every
time we parse a v3 network consensus. Bugfixes on 0.2.2.14-alpha,
0.2.2.6-alpha, and 0.2.2.10-alpha respectively; fixes bug 1831.
o Code simplifications and refactoring:
- Take a first step towards making or.h smaller by splitting out
function definitions for all source files in src/or/. Leave
structures and defines in or.h for now.
- Remove a bunch of unused function declarations as well as a block of
#if 0'd code from the unit tests. Closes bug 1824.
- New unit tests for exit-port history statistics; refactored exit
statistics code to be more easily tested.
- Remove the old debian/ directory from the main Tor distribution.
The official Tor-for-debian git repository lives at the URL
https://git.torproject.org/debian/tor.git
Changes in version 0.2.2.14-alpha - 2010-07-12
Tor 0.2.2.14-alpha greatly improves client-side handling of
circuit build timeouts, which are used to estimate speed and improve
performance. We also move to a much better GeoIP database, port Tor to
Windows CE, introduce new compile flags that improve code security,
add an eighth v3 directory authority, and address a lot of more
minor issues.
o Major bugfixes:
- Tor directory authorities no longer crash when started with a
cached-microdesc-consensus file in their data directory. Bugfix
on 0.2.2.6-alpha; fixes bug 1532.
- Treat an unset $HOME like an empty $HOME rather than triggering an
assert. Bugfix on 0.0.8pre1; fixes bug 1522.
- Ignore negative and large circuit build timeout values that can
happen during a suspend or hibernate. These values caused various
asserts to fire. Bugfix on 0.2.2.2-alpha; fixes bug 1245.
- Alter calculation of Pareto distribution parameter 'Xm' for
Circuit Build Timeout learning to use the weighted average of the
top N=3 modes (because we have three entry guards). Considering
multiple modes should improve the timeout calculation in some cases,
and prevent extremely high timeout values. Bugfix on 0.2.2.2-alpha;
fixes bug 1335.
- Alter calculation of Pareto distribution parameter 'Alpha' to use a
right censored distribution model. This approach improves over the
synthetic timeout generation approach that was producing insanely
high timeout values. Now we calculate build timeouts using truncated
times. Bugfix on 0.2.2.2-alpha; fixes bugs 1245 and 1335.
- Do not close circuits that are under construction when they reach
the circuit build timeout. Instead, leave them building (but do not
use them) for up until the time corresponding to the 95th percentile
on the Pareto CDF or 60 seconds, whichever is greater. This is done
to provide better data for the new Pareto model. This percentile
can be controlled by the consensus.
o Major features:
- Move to the June 2010 Maxmind GeoLite country db (rather than the
June 2009 ip-to-country GeoIP db) for our statistics that count
how many users relays are seeing from each country. Now we have
more accurate data for many African countries.
- Port Tor to build and run correctly on Windows CE systems, using
the wcecompat library. Contributed by Valerio Lupi.
- New "--enable-gcc-hardening" ./configure flag (off by default)
to turn on gcc compile time hardening options. It ensures
that signed ints have defined behavior (-fwrapv), enables
-D_FORTIFY_SOURCE=2 (requiring -O2), adds stack smashing protection
with canaries (-fstack-protector-all), turns on ASLR protection if
supported by the kernel (-fPIE, -pie), and adds additional security
related warnings. Verified to work on Mac OS X and Debian Lenny.
- New "--enable-linker-hardening" ./configure flag (off by default)
to turn on ELF specific hardening features (relro, now). This does
not work with Mac OS X or any other non-ELF binary format.
o New directory authorities:
- Set up maatuska (run by Linus Nordberg) as the eighth v3 directory
authority.
o Minor features:
- New config option "WarnUnsafeSocks 0" disables the warning that
occurs whenever Tor receives only an IP address instead of a
hostname. Setups that do DNS locally over Tor are fine, and we
shouldn't spam the logs in that case.
- Convert the HACKING file to asciidoc, and add a few new sections
to it, explaining how we use Git, how we make changelogs, and
what should go in a patch.
- Add a TIMEOUT_RATE keyword to the BUILDTIMEOUT_SET control port
event, to give information on the current rate of circuit timeouts
over our stored history.
- Add ability to disable circuit build time learning via consensus
parameter and via a LearnCircuitBuildTimeout config option. Also
automatically disable circuit build time calculation if we are
either a AuthoritativeDirectory, or if we fail to write our state
file. Fixes bug 1296.
- More gracefully handle corrupt state files, removing asserts
in favor of saving a backup and resetting state.
- Rename the "log.h" header to "torlog.h" so as to conflict with fewer
system headers.
o Minor bugfixes:
- Build correctly on OSX with zlib 1.2.4 and higher with all warnings
enabled.
- When a2x fails, mention that the user could disable manpages instead
of trying to fix their asciidoc installation.
- Where available, use Libevent 2.0's periodic timers so that our
once-per-second cleanup code gets called even more closely to
once per second than it would otherwise. Fixes bug 943.
- If you run a bridge that listens on multiple IP addresses, and
some user configures a bridge address that uses a different IP
address than your bridge writes in its router descriptor, and the
user doesn't specify an identity key, their Tor would discard the
descriptor because "it isn't one of our configured bridges", and
fail to bootstrap. Now believe the descriptor and bootstrap anyway.
Bugfix on 0.2.0.3-alpha.
- If OpenSSL fails to make a duplicate of a private or public key, log
an error message and try to exit cleanly. May help with debugging
if bug 1209 ever remanifests.
- Save a couple bytes in memory allocation every time we escape
certain characters in a string. Patch from Florian Zumbiehl.
- Make it explicit that we don't cannibalize one-hop circuits. This
happens in the wild, but doesn't turn out to be a problem because
we fortunately don't use those circuits. Many thanks to outofwords
for the initial analysis and to swissknife who confirmed that
two-hop circuits are actually created.
- Make directory mirrors report non-zero dirreq-v[23]-shares again.
Fixes bug 1564; bugfix on 0.2.2.9-alpha.
- Eliminate a case where a circuit build time warning was displayed
after network connectivity resumed. Bugfix on 0.2.2.2-alpha.
To generate a diff of this commit:
cvs -z3 rdiff -u -r1.25 -r1.26 wip/tor-dev/distinfo
cvs -z3 rdiff -u -r1.34 -r1.35 wip/tor-dev/Makefile
To view a diff of this commit:
http://pkgsrc-wip.cvs.sourceforge.net/pkgsrc-wip/wip/tor-dev/distinfo?r1=1.25&r2=1.26
http://pkgsrc-wip.cvs.sourceforge.net/pkgsrc-wip/wip/tor-dev/Makefile?r1=1.34&r2=1.35
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________
pkgsrc-wip-cvs mailing list
pkgsrc-wip-cvs%lists.sourceforge.net@localhost
https://lists.sourceforge.net/lists/listinfo/pkgsrc-wip-cvs
Home |
Main Index |
Thread Index |
Old Index