pkgsrc-WIP-cvs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: wip/tor-dev

Module name:    wip
Committed by:   athaba
Date:           Fri Dec  3 15:37:16 UTC 2010

Modified Files:
        wip/tor-dev: Makefile distinfo

Log Message:
Changes in version - 2010-11-22
  Yet another OpenSSL security patch broke its compatibility with Tor:
  Tor makes relays work with OpenSSL 0.9.8p and 1.0.0.b.

  o Major bugfixes:
    - Resolve an incompatibility with OpenSSL 0.9.8p and OpenSSL 1.0.0b:
      No longer set the tlsext_host_name extension on server SSL objects;
      but continue to set it on client SSL objects. Our goal in setting
      it was to imitate a browser, not a vhosting server. Fixes bug 2204;
      bugfix on

  o Minor bugfixes:
    - Try harder not to exceed the maximum length of 50 KB when writing
      statistics to extra-info descriptors. This bug was triggered by very
      fast relays reporting exit-port, entry, and dirreq statistics.
      Reported by Olaf Selke. Bugfix on Fixes bug 2183.
    - Publish a router descriptor even if generating an extra-info
      descriptor fails. Previously we would not publish a router
      descriptor without an extra-info descriptor; this can cause fast
      exit relays collecting exit-port statistics to drop from the
      consensus. Bugfix on; fixes bug 2195.

Changes in version - 2010-11-16
  Tor fixes several crash bugs that have been nagging
  us lately, makes unpublished bridge relays able to detect their IP
  address, and fixes a wide variety of other bugs to get us much closer
  to a stable release.

  o Major bugfixes:
    - Do even more to reject (and not just ignore) annotations on
      router descriptors received anywhere but from the cache. Previously
      we would ignore such annotations at first, but cache them to disk
      anyway. Bugfix on Found by piebeer.
    - Do not log messages to the controller while shrinking buffer
      freelists. Doing so would sometimes make the controller connection
      try to allocate a buffer chunk, which would mess up the internals
      of the freelist and cause an assertion failure. Fixes bug 1125;
      fixed by Robert Ransom. Bugfix on
    - Learn our external IP address when we're a relay or bridge, even if
      we set PublishServerDescriptor to 0. Bugfix on,
      where we introduced bridge relays that don't need to publish to
      be useful. Fixes bug 2050.
    - Maintain separate TLS contexts and certificates for incoming and
      outgoing connections in bridge relays. Previously we would use the
      same TLS contexts and certs for incoming and outgoing connections.
      Bugfix on; addresses bug 988.
    - Maintain separate identity keys for incoming and outgoing TLS
      contexts in bridge relays. Previously we would use the same
      identity keys for incoming and outgoing TLS contexts. Bugfix on; addresses the other half of bug 988.
    - Avoid an assertion failure when we as an authority receive a
      duplicate upload of a router descriptor that we already have,
      but which we previously considered an obsolete descriptor.
      Fixes another case of bug 1776. Bugfix on
    - Avoid a crash bug triggered by looking at a dangling pointer while
      setting the network status consensus. Found by Robert Ransom.
      Bugfix on Fixes bug 2097.
    - Fix a logic error where servers that _didn't_ act as exits would
      try to keep their server lists more aggressively up to date than
      exits, when it was supposed to be the other way around. Bugfix

  o Minor bugfixes (on Tor 0.2.1.x and earlier):
    - When we're trying to guess whether we know our IP address as
      a relay, we would log various ways that we failed to guess
      our address, but never log that we ended up guessing it
      successfully. Now add a log line to help confused and anxious
      relay operators. Bugfix on; fixes bug 1534.
    - Bring the logic that gathers routerinfos and assesses the
      acceptability of circuits into line. This prevents a Tor OP from
      getting locked in a cycle of choosing its local OR as an exit for a
      path (due to a .exit request) and then rejecting the circuit because
      its OR is not listed yet. It also prevents Tor clients from using an
      OR running in the same instance as an exit (due to a .exit request)
      if the OR does not meet the same requirements expected of an OR
      running elsewhere. Fixes bug 1859; bugfix on
    - Correctly describe errors that occur when generating a TLS object.
      Previously we would attribute them to a failure while generating a
      TLS context. Patch by Robert Ransom. Bugfix on; fixes
      bug 1994.
    - Enforce multiplicity rules when parsing annotations. Bugfix on Found by piebeer.
    - Fix warnings that newer versions of autoconf produced during
      ./ These warnings appear to be harmless in our case,
      but they were extremely verbose. Fixes bug 2020.

  o Minor bugfixes (on Tor 0.2.2.x):
    - Enable protection of small arrays whenever we build with gcc
      hardening features, not only when also building with warnings
      enabled. Fixes bug 2031; bugfix on Reported by keb.

  o Minor features:
    - Make hidden services work better in private Tor networks by not
      requiring any uptime to join the hidden service descriptor
      DHT. Implements ticket 2088.
    - Rate-limit the "your application is giving Tor only an IP address"
      warning. Addresses bug 2000; bugfix on 0.0.8pre2.
    - When AllowSingleHopExits is set, print a warning to explain to the
      relay operator why most clients are avoiding her relay.
    - Update to the November 1 2010 Maxmind GeoLite Country database.

  o Code simplifications and refactoring:
    - When we fixed bug 1038 we had to put in a restriction not to send
      RELAY_EARLY cells on rend circuits. This was necessary as long
      as relays using Tor through were
      active. Now remove this obsolete check. Resolves bug 2081.
    - Some options used different conventions for uppercasing of acronyms
      when comparing manpage and source. Fix those in favor of the
      manpage, as it makes sense to capitalize acronyms.
    - Remove the torrc.complete file. It hasn't been kept up to date
      and users will have better luck checking out the manpage.
    - Remove the obsolete "NoPublish" option; it has been flagged
      as obsolete and has produced a warning since
    - Remove everything related to building the expert bundle for OS X.
      It has confused many users, doesn't work right on OS X 10.6,
      and is hard to get rid of once installed. Resolves bug 1274.

Changes in version - 2010-09-30
  Tor introduces a feature to make it harder for clients
  to use one-hop circuits (which can put the exit relays at higher risk,
  plus unbalance the network); fixes a big bug in bandwidth accounting
  for relays that want to limit their monthly bandwidth use; fixes a
  big pile of bugs in how clients tolerate temporary network failure;
  and makes our adaptive circuit build timeout feature (which improves
  client performance if your network is fast while not breaking things
  if your network is slow) better handle bad networks.

  o Major features:
    - Exit relays now try harder to block exit attempts from unknown
      relays, to make it harder for people to use them as one-hop proxies
      a la tortunnel. Controlled by the refuseunknownexits consensus
      parameter (currently enabled), or you can override it on your
      relay with the RefuseUnknownExits torrc option. Resolves bug 1751.

  o Major bugfixes (0.2.1.x and earlier):
    - Fix a bug in bandwidth accounting that could make us use twice
      the intended bandwidth when our interval start changes due to
      daylight saving time. Now we tolerate skew in stored vs computed
      interval starts: if the start of the period changes by no more than
      50% of the period's duration, we remember bytes that we transferred
      in the old period. Fixes bug 1511; bugfix on 0.0.9pre5.
    - Always search the Windows system directory for system DLLs, and
      nowhere else. Bugfix on; fixes bug 1954.
    - When you're using bridges and your network goes away and your
      bridges get marked as down, recover when you attempt a new socks
      connection (if the network is back), rather than waiting up to an
      hour to try fetching new descriptors for your bridges. Bugfix on; fixes bug 1981.

  o Major bugfixes (on 0.2.2.x):
    - Fix compilation on Windows. Bugfix on; related to
      bug 1797.
    - Fix a segfault that could happen when operating a bridge relay with
      no GeoIP database set. Fixes bug 1964; bugfix on
    - The consensus bandwidth-weights (used by clients to choose fast
      relays) entered an unexpected edge case in September where
      Exits were much scarcer than Guards, resulting in bad weight
      recommendations. Now we compute them using new constraints that
      should succeed in all cases. Also alter directory authorities to
      not include the bandwidth-weights line if they fail to produce
      valid values. Fixes bug 1952; bugfix on
    - When weighting bridges during path selection, we used to trust
      the bandwidths they provided in their descriptor, only capping them
      at 10MB/s. This turned out to be problematic for two reasons:
      Bridges could claim to handle a lot more traffic then they
      actually would, thus making more clients pick them and have a
      pretty effective DoS attack. The other issue is that new bridges
      that might not have a good estimate for their bw capacity yet
      would not get used at all unless no other bridges are available
      to a client. Fixes bug 1912; bugfix on

  o Major bugfixes (on the circuit build timeout feature, 0.2.2.x):
    - Ignore cannibalized circuits when recording circuit build times.
      This should provide for a minor performance improvement for hidden
      service users using, and should remove two spurious
      notice log messages. Bugfix on; fixes bug 1740.
    - Simplify the logic that causes us to decide if the network is
      unavailable for purposes of recording circuit build times. If we
      receive no cells whatsoever for the entire duration of a circuit's
      full measured lifetime, the network is probably down. Also ignore
      one-hop directory fetching circuit timeouts when calculating our
      circuit build times. These changes should hopefully reduce the
      cases where we see ridiculous circuit build timeouts for people
      with spotty wireless connections. Fixes part of bug 1772; bugfix
    - Prevent the circuit build timeout from becoming larger than
      the maximum build time we have ever seen. Also, prevent the time
      period for measurement circuits from becoming larger than twice that
      value. Fixes the other part of bug 1772; bugfix on

  o Minor features:
    - When we run out of directory information such that we can't build
      circuits, but then get enough that we can build circuits, log when
      we actually construct a circuit, so the user has a better chance of
      knowing what's going on. Fixes bug 1362.
    - Be more generous with how much bandwidth we'd use up (with
      accounting enabled) before entering "soft hibernation". Previously,
      we'd refuse new connections and circuits once we'd used up 95% of
      our allotment. Now, we use up 95% of our allotment, AND make sure
      that we have no more than 500MB (or 3 hours of expected traffic,
      whichever is lower) remaining before we enter soft hibernation.
    - If we've configured EntryNodes and our network goes away and/or all
      our entrynodes get marked down, optimistically retry them all when
      a new socks application request appears. Fixes bug 1882.
    - Add some more defensive programming for architectures that can't
      handle unaligned integer accesses. We don't know of any actual bugs
      right now, but that's the best time to fix them. Fixes bug 1943.
    - Support line continuations in the torrc config file. If a line
      ends with a single backslash character, the newline is ignored, and
      the configuration value is treated as continuing on the next line.
      Resolves bug 1929.

  o Minor bugfixes (on 0.2.1.x and earlier):
    - For bandwidth accounting, calculate our expected bandwidth rate
      based on the time during which we were active and not in
      soft-hibernation during the last interval. Previously, we were
      also considering the time spent in soft-hibernation. If this
      was a long time, we would wind up underestimating our bandwidth
      by a lot, and skewing our wakeup time towards the start of the
      accounting interval. Fixes bug 1789. Bugfix on 0.0.9pre5.

  o Minor bugfixes (on 0.2.2.x):
    - Resume generating CIRC FAILED REASON=TIMEOUT control port messages,
      which were disabled by the circuit build timeout changes in Bugfix on; fixes bug 1739.
    - Make sure we don't warn about missing bandwidth weights when
      choosing bridges or other relays not in the consensus. Bugfix on; fixes bug 1805.
    - In our logs, do not double-report signatures from unrecognized
      authorities both as "from unknown authority" and "not
      present". Fixes bug 1956, bugfix on

Changes in version - 2010-09-17
  Tor fixes a variety of old stream fairness bugs (most
  evident at exit relays), and also continues to resolve all the little
  bugs that have been filling up trac lately.

  o Major bugfixes (stream-level fairness):
    - When receiving a circuit-level SENDME for a blocked circuit, try
      to package cells fairly from all the streams that had previously
      been blocked on that circuit. Previously, we had started with the
      oldest stream, and allowed each stream to potentially exhaust
      the circuit's package window. This gave older streams on any
      given circuit priority over newer ones. Fixes bug 1937. Detected
      originally by Camilo Viecco. This bug was introduced before the
      first Tor release, in svn commit r152: it is the new winner of
      the longest-lived bug prize.
    - When the exit relay got a circuit-level sendme cell, it started
      reading on the exit streams, even if had 500 cells queued in the
      circuit queue already, so the circuit queue just grew and grew in
      some cases. We fix this by not re-enabling reading on receipt of a
      sendme cell when the cell queue is blocked. Fixes bug 1653. Bugfix
      on Detected by Mashael AlSabah. Original patch by
    - Newly created streams were allowed to read cells onto circuits,
      even if the circuit's cell queue was blocked and waiting to drain.
      This created potential unfairness, as older streams would be
      blocked, but newer streams would gladly fill the queue completely.
      We add code to detect this situation and prevent any stream from
      getting more than one free cell. Bugfix on Partially
      fixes bug 1298.

  o Minor features:
    - Update to the September 1 2010 Maxmind GeoLite Country database.
    - Warn when CookieAuthFileGroupReadable is set but CookieAuthFile is
      not. This would lead to a cookie that is still not group readable.
      Closes bug 1843. Suggested by katmagic.
    - When logging a rate-limited warning, we now mention how many messages
      got suppressed since the last warning.
    - Add new "perconnbwrate" and "perconnbwburst" consensus params to
      do individual connection-level rate limiting of clients. The torrc
      config options with the same names trump the consensus params, if
      both are present. Replaces the old "bwconnrate" and "bwconnburst"
      consensus params which were broken from through Closes bug 1947.
    - When a router changes IP address or port, authorities now launch
      a new reachability test for it. Implements ticket 1899.
    - Make the formerly ugly "2 unknown, 7 missing key, 0 good, 0 bad,
      2 no signature, 4 required" messages about consensus signatures
      easier to read, and make sure they get logged at the same severity
      as the messages explaining which keys are which. Fixes bug 1290.
    - Don't warn when we have a consensus that we can't verify because
      of missing certificates, unless those certificates are ones
      that we have been trying and failing to download. Fixes bug 1145.
    - If you configure your bridge with a known identity fingerprint,
      and the bridge authority is unreachable (as it is in at least
      one country now), fall back to directly requesting the descriptor
      from the bridge. Finishes the feature started in;
      closes bug 1138.
    - When building with --enable-gcc-warnings on OpenBSD, disable
      warnings in system headers. This makes --enable-gcc-warnings
      pass on OpenBSD 4.8.

  o Minor bugfixes (on 0.2.1.x and earlier):
    - Authorities will now attempt to download consensuses if their
      own efforts to make a live consensus have failed. This change
      means authorities that restart will fetch a valid consensus, and
      it means authorities that didn't agree with the current consensus
      will still fetch and serve it if it has enough signatures. Bugfix
      on; fixes bug 1300.
    - Ensure DNS requests launched by "RESOLVE" commands from the
      controller respect the __LeaveStreamsUnattached setconf options. The
      same goes for requests launched via DNSPort or transparent
      proxying. Bugfix on; fixes bug 1525.
    - Allow handshaking OR connections to take a full KeepalivePeriod
      seconds to handshake. Previously, we would close them after
      IDLE_OR_CONN_TIMEOUT (180) seconds, the same timeout as if they
      were open. Bugfix on; fixes bug 1840. Thanks to mingw-san
      for analysis help.
    - Rate-limit "Failed to hand off onionskin" warnings.
    - Never relay a cell for a circuit we have already destroyed.
      Between marking a circuit as closeable and finally closing it,
      it may have been possible for a few queued cells to get relayed,
      even though they would have been immediately dropped by the next
      OR in the circuit. Fixes bug 1184; bugfix on
    - Never queue a cell for a circuit that's already been marked
      for close.
    - Never vote for a server as "Running" if we have a descriptor for
      it claiming to be hibernating, and that descriptor was published
      more recently than our last contact with the server. Bugfix on; fixes bug 911.
    - Squash a compile warning on OpenBSD. Reported by Tas; fixes
      bug 1848.

  o Minor bugfixes (on 0.2.2.x):
    - Fix a regression introduced in that marked relays
      down if a directory fetch fails and you've configured either
      bridges or EntryNodes. The intent was to mark the relay as down
      _unless_ you're using bridges or EntryNodes, since if you are
      then you could quickly run out of entry points.
    - Fix the Windows directory-listing code. A bug introduced in could make Windows directory servers forget to load
      some of their cached v2 networkstatus files.
    - Really allow clients to use relays as bridges. Fixes bug 1776;
      bugfix on
    - Demote a warn to info that happens when the CellStatistics option
      was just enabled. Bugfix on; fixes bug 1921.
      Reported by Moritz Bartl.
    - On Windows, build correctly either with or without Unicode support.
      This is necessary so that Tor can support fringe platforms like
      Windows 98 (which has no Unicode), or Windows CE (which has no
      non-Unicode). Bugfix on; fixes bug 1797.

  o Testing
    - Add a unit test for cross-platform directory-listing code.

Changes in version - 2010-08-18
  Tor fixes a big bug in hidden service availability,
  fixes a variety of other bugs that were preventing performance
  experiments from moving forward, fixes several bothersome memory leaks,
  and generally closes a lot of smaller bugs that have been filling up
  trac lately.

  o Major bugfixes:
    - Stop assigning the HSDir flag to relays that disable their
      DirPort (and thus will refuse to answer directory requests). This
      fix should dramatically improve the reachability of hidden services:
      hidden services and hidden service clients pick six HSDir relays
      to store and retrieve the hidden service descriptor, and currently
      about half of the HSDir relays will refuse to work. Bugfix on; fixes part of bug 1693.
    - The PerConnBWRate and Burst config options, along with the
      bwconnrate and bwconnburst consensus params, initialized each conn's
      token bucket values only when the connection is established. Now we
      update them if the config options change, and update them every time
      we get a new consensus. Otherwise we can encounter an ugly edge
      case where we initialize an OR conn to client-level bandwidth,
      but then later the relay joins the consensus and we leave it
      throttled. Bugfix on; fixes bug 1830.
    - Fix a regression that caused Tor to rebind its ports if it receives
      SIGHUP while hibernating. Bugfix in; closes bug 919.

  o Major features:
    - Lower the maximum weighted-fractional-uptime cutoff to 98%. This
      should give us approximately 40-50% more Guard-flagged nodes,
      improving the anonymity the Tor network can provide and also
      decreasing the dropoff in throughput that relays experience when
      they first get the Guard flag.
    - Allow enabling or disabling the *Statistics config options while
      Tor is running.

  o Minor features:
    - Update to the August 1 2010 Maxmind GeoLite Country database.
    - Have the controller interface give a more useful message than
      "Internal Error" in response to failed GETINFO requests.
    - Warn when the same option is provided more than once in a torrc
      file, on the command line, or in a single SETCONF statement, and
      the option is one that only accepts a single line. Closes bug 1384.
    - Build correctly on mingw with more recent versions of OpenSSL 0.9.8.
      Patch from mingw-san.
    - Add support for the country code "{??}" in torrc options like
      ExcludeNodes, to indicate all routers of unknown country. Closes
      bug 1094.
    - Relays report the number of bytes spent on answering directory
      requests in extra-info descriptors similar to {read,write}-history.
      Implements enhancement 1790.

  o Minor bugfixes (on 0.2.1.x and earlier):
    - Complain if PublishServerDescriptor is given multiple arguments that
      include 0 or 1. This configuration will be rejected in the future.
      Bugfix on; closes bug 1107.
    - Disallow BridgeRelay 1 and ORPort 0 at once in the configuration.
      Bugfix on; closes bug 928.
    - Change "Application request when we're believed to be offline."
      notice to "Application request when we haven't used client
      functionality lately.", to clarify that it's not an error. Bugfix
      on; fixes bug 1222.
    - Fix a bug in the controller interface where "GETINFO ns/asdaskljkl"
      would return "551 Internal error" rather than "552 Unrecognized key
      ns/asdaskljkl". Bugfix on
    - Users can't configure a regular relay to be their bridge. It didn't
      work because when Tor fetched the bridge descriptor, it found
      that it already had it, and didn't realize that the purpose of the
      descriptor had changed. Now we replace routers with a purpose other
      than bridge with bridge descriptors when fetching them. Bugfix on Bug 1776 not yet fixed because now we immediately
      refetch the descriptor with router purpose 'general', disabling
      it as a bridge.
    - Fix a rare bug in rend_fn unit tests: we would fail a test when
      a randomly generated port is 0. Diagnosed by Matt Edman. Bugfix
      on; fixes bug 1808.
    - Exit nodes didn't recognize EHOSTUNREACH as a plausible error code,
      and so sent back END_STREAM_REASON_MISC. Clients now recognize a new
      stream ending reason for this case: END_STREAM_REASON_NOROUTE.
      Servers can start sending this code when enough clients recognize
      it. Also update the spec to reflect this new reason. Bugfix on; fixes part of bug 1793.
    - Delay geoip stats collection by bridges for 6 hours, not 2 hours,
      when we switch from being a public relay to a bridge. Otherwise
      there will still be clients that see the relay in their consensus,
      and the stats will end up wrong. Bugfix on; fixes bug
      932 even more.
    - Instead of giving an assertion failure on an internal mismatch
      on estimated freelist size, just log a BUG warning and try later.
      Mitigates but does not fix bug 1125.
    - Fix an assertion failure that could occur in caches or bridge users
      when using a very short voting interval on a testing network.
      Diagnosed by Robert Hogan. Fixes bug 1141; bugfix on

  o Minor bugfixes (on 0.2.2.x):
    - Alter directory authorities to always consider Exit-flagged nodes
      as potential Guard nodes in their votes. The actual decision to
      use Exits as Guards is done in the consensus bandwidth weights.
      Fixes bug 1294; bugfix on
    - When the controller is reporting the purpose of circuits that
      didn't finish building before the circuit build timeout, it was
      printing UNKNOWN_13. Now print EXPIRED. Bugfix on
    - Our libevent version parsing code couldn't handle versions like
      1.4.14b-stable and incorrectly warned the user about using an
      old and broken version of libevent. Treat 1.4.14b-stable like
      1.4.14-stable when parsing the version. Fixes bug 1731; bugfix
    - Don't use substitution references like $(VAR:MOD) when
      $(asciidoc_files) is empty -- make(1) on NetBSD transforms
      '$(:x)' to 'x' rather than the empty string. This bites us in
      doc/ when configured with --disable-asciidoc. Bugfix on; fixes bug 1773.
    - Remove a spurious hidden service server-side log notice about
      "Ancient non-dirty circuits". Bugfix on; fixes
      bug 1741.
    - Fix compilation with --with-dmalloc set. Bugfix on;
      fixes bug 1832.
    - Correctly report written bytes on linked connections. Found while
      implementing 1790. Bugfix on
    - Fix three memory leaks: one in circuit_build_times_parse_state(),
      one in dirvote_add_signatures_to_pending_consensus(), and one every
      time we parse a v3 network consensus. Bugfixes on,, and respectively; fixes bug 1831.

  o Code simplifications and refactoring:
    - Take a first step towards making or.h smaller by splitting out
      function definitions for all source files in src/or/. Leave
      structures and defines in or.h for now.
    - Remove a bunch of unused function declarations as well as a block of
      #if 0'd code from the unit tests. Closes bug 1824.
    - New unit tests for exit-port history statistics; refactored exit
      statistics code to be more easily tested.
    - Remove the old debian/ directory from the main Tor distribution.
      The official Tor-for-debian git repository lives at the URL

Changes in version - 2010-07-12
  Tor greatly improves client-side handling of
  circuit build timeouts, which are used to estimate speed and improve
  performance. We also move to a much better GeoIP database, port Tor to
  Windows CE, introduce new compile flags that improve code security,
  add an eighth v3 directory authority, and address a lot of more
  minor issues.

  o Major bugfixes:
    - Tor directory authorities no longer crash when started with a
      cached-microdesc-consensus file in their data directory. Bugfix
      on; fixes bug 1532.
    - Treat an unset $HOME like an empty $HOME rather than triggering an
      assert. Bugfix on 0.0.8pre1; fixes bug 1522.
    - Ignore negative and large circuit build timeout values that can
      happen during a suspend or hibernate. These values caused various
      asserts to fire. Bugfix on; fixes bug 1245.
    - Alter calculation of Pareto distribution parameter 'Xm' for
      Circuit Build Timeout learning to use the weighted average of the
      top N=3 modes (because we have three entry guards). Considering
      multiple modes should improve the timeout calculation in some cases,
      and prevent extremely high timeout values. Bugfix on;
      fixes bug 1335.
    - Alter calculation of Pareto distribution parameter 'Alpha' to use a
      right censored distribution model. This approach improves over the
      synthetic timeout generation approach that was producing insanely
      high timeout values. Now we calculate build timeouts using truncated
      times. Bugfix on; fixes bugs 1245 and 1335.
    - Do not close circuits that are under construction when they reach
      the circuit build timeout. Instead, leave them building (but do not
      use them) for up until the time corresponding to the 95th percentile
      on the Pareto CDF or 60 seconds, whichever is greater. This is done
      to provide better data for the new Pareto model. This percentile
      can be controlled by the consensus.

  o Major features:
    - Move to the June 2010 Maxmind GeoLite country db (rather than the
      June 2009 ip-to-country GeoIP db) for our statistics that count
      how many users relays are seeing from each country. Now we have
      more accurate data for many African countries.
    - Port Tor to build and run correctly on Windows CE systems, using
      the wcecompat library. Contributed by Valerio Lupi.
    - New "--enable-gcc-hardening" ./configure flag (off by default)
      to turn on gcc compile time hardening options. It ensures
      that signed ints have defined behavior (-fwrapv), enables
      -D_FORTIFY_SOURCE=2 (requiring -O2), adds stack smashing protection
      with canaries (-fstack-protector-all), turns on ASLR protection if
      supported by the kernel (-fPIE, -pie), and adds additional security
      related warnings. Verified to work on Mac OS X and Debian Lenny.
    - New "--enable-linker-hardening" ./configure flag (off by default)
      to turn on ELF specific hardening features (relro, now). This does
      not work with Mac OS X or any other non-ELF binary format.

  o New directory authorities:
    - Set up maatuska (run by Linus Nordberg) as the eighth v3 directory

  o Minor features:
    - New config option "WarnUnsafeSocks 0" disables the warning that
      occurs whenever Tor receives only an IP address instead of a
      hostname. Setups that do DNS locally over Tor are fine, and we
      shouldn't spam the logs in that case.
    - Convert the HACKING file to asciidoc, and add a few new sections
      to it, explaining how we use Git, how we make changelogs, and
      what should go in a patch.
    - Add a TIMEOUT_RATE keyword to the BUILDTIMEOUT_SET control port
      event, to give information on the current rate of circuit timeouts
      over our stored history.
    - Add ability to disable circuit build time learning via consensus
      parameter and via a LearnCircuitBuildTimeout config option. Also
      automatically disable circuit build time calculation if we are
      either a AuthoritativeDirectory, or if we fail to write our state
      file. Fixes bug 1296.
    - More gracefully handle corrupt state files, removing asserts
      in favor of saving a backup and resetting state.
    - Rename the "log.h" header to "torlog.h" so as to conflict with fewer
      system headers.

  o Minor bugfixes:
    - Build correctly on OSX with zlib 1.2.4 and higher with all warnings
    - When a2x fails, mention that the user could disable manpages instead
      of trying to fix their asciidoc installation.
    - Where available, use Libevent 2.0's periodic timers so that our
      once-per-second cleanup code gets called even more closely to
      once per second than it would otherwise. Fixes bug 943.
    - If you run a bridge that listens on multiple IP addresses, and
      some user configures a bridge address that uses a different IP
      address than your bridge writes in its router descriptor, and the
      user doesn't specify an identity key, their Tor would discard the
      descriptor because "it isn't one of our configured bridges", and
      fail to bootstrap. Now believe the descriptor and bootstrap anyway.
      Bugfix on
    - If OpenSSL fails to make a duplicate of a private or public key, log
      an error message and try to exit cleanly. May help with debugging
      if bug 1209 ever remanifests.
    - Save a couple bytes in memory allocation every time we escape
      certain characters in a string. Patch from Florian Zumbiehl.
    - Make it explicit that we don't cannibalize one-hop circuits. This
      happens in the wild, but doesn't turn out to be a problem because
      we fortunately don't use those circuits. Many thanks to outofwords
      for the initial analysis and to swissknife who confirmed that
      two-hop circuits are actually created.
    - Make directory mirrors report non-zero dirreq-v[23]-shares again.
      Fixes bug 1564; bugfix on
    - Eliminate a case where a circuit build time warning was displayed
      after network connectivity resumed. Bugfix on

To generate a diff of this commit:
cvs -z3 rdiff -u -r1.25 -r1.26 wip/tor-dev/distinfo
cvs -z3 rdiff -u -r1.34 -r1.35 wip/tor-dev/Makefile

To view a diff of this commit:

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
pkgsrc-wip-cvs mailing list

Home | Main Index | Thread Index | Old Index