[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] checkpoint some changelog items for 0.1.1.11-alpha
Update of /home2/or/cvsroot/tor
In directory moria:/home/arma/work/onion/cvs/tor
Modified Files:
ChangeLog
Log Message:
checkpoint some changelog items for 0.1.1.11-alpha
Index: ChangeLog
===================================================================
RCS file: /home2/or/cvsroot/tor/ChangeLog,v
retrieving revision 1.128
retrieving revision 1.129
diff -u -p -d -r1.128 -r1.129
--- ChangeLog 3 Jan 2006 05:32:21 -0000 1.128
+++ ChangeLog 4 Jan 2006 08:31:29 -0000 1.129
@@ -1,3 +1,96 @@
+Changes in version 0.1.1.11-alpha - 2006-01-xx
+
+ o Crashes in 0.1.1.x:
+ - Include all the assert/crash fixes from 0.1.0.16.
+ - If you start Tor and then quit very quickly, there were some
+ races that tried to free things that weren't allocated yet.
+ - Fix a rare memory stomp if you're running hidden services.
+ - Fix segfault when specifying DirServer in config without nickname.
+ - Fix a seg fault when you finish connecting to a server but at
+ that moment you dump his server descriptor.
+ - Extendcircuit and Attachstream controller commands would
+ assert/crash if you don't give them enough arguments.
+
+ o Major features:
+ - Automatically choose a handful of entry nodes and stick with them
+ for all circuits. Only pick new ones when the ones you have are
+ unsuitable, and if the old ones become suitable again, switch back.
+ This will increase security dramatically against certain end-point
+ attacks. The EntryNodes config option now provides some hints
+ about which entry nodes you want to use most; and StrictEntryNodes
+ - New directory logic: download by descriptor digest, not by
+ fingerprint. Caches try to download all listed digests from
+ authorities; clients try to download "best" digests from caches.
+ Now we avoid partitioning and isolating attacks better.
+ - Make the "stable" flag in network-status be the median of the
+ uptimes of running valid servers. That way the cutoff adapts to
+ the stability of the network as a whole. This will make IRC, IM,
+ etc connections more reliable.
+ - Make clients look at the fast and stable flags in networkstatus,
+ not at the bandwidth and uptime declared in the router descriptors.
+
+ o Major fixes:
+ - Tor servers with dynamic IP addresses were needing to wait 18
+ hours before they could start doing reachability testing using
+ the new IP address and ports. This is because they were using
+ the internal descriptor to learn what to test, yet they were only
+ rebuilding the descriptor once they decided they were reachable.
+
+
+ o Minor fixes:
+ - If the network is down, and we try to connect to a conn because
+ we have a circuit in mind, and we timeout (30 seconds) because the
+ network never answers, we were expiring the circuit, but we weren't
+ obsoleting the connection or telling the entry_nodes functions. now
+ do that.
+ - Some tor servers process billions of cells in a matter of days.
+ These statistics need to be uint64_t's.
+ - Check for integer overflows in more places, when adding elements
+ to smartlists. This could possibly prevent a buffer overflow
+ on malicious huge inputs. I don't see any, but I haven't looked
+ carefully.
+ - ReachableAddresses kept growing new "reject *:*" lines on every
+ reload.
+ - When you "setconf log" via the controller, it should remove all
+ logs. We were automatically adding back in a "log notice stdout".
+ - Newly bootstrapped tor networks couldn't establish hidden service
+ circuits until they had nodes with high uptime. Be more tolerant.
+ - We were marking servers down when they could not answer every piece
+ of the directory request we sent them. This was far too harsh.
+ - Fix the torify (tsocks) config file to not use Tor for localhost
+ connections.
+
+
+ o Minor features:
+ - Write the TorVersion into the state file so we have a prayer of
+ keeping forward and backward compatibility.
+ - Revive the FascistFirewall config option rather than eliminating it:
+ now it's a synonym for ReachableAddresses *:80,*:443.
+ - Clients choose directory servers from the network status lists,
+ not from their internal list of router descriptors. Now we can
+ go to caches directly rather than needing to go to authorities
+ to bootstrap.
+ - Directory authorities ignore router descriptors that have only
+ cosmetic differences: do this for 0.1.0.x servers now too.
+ - Add a new flag to network-status indicating whether the server
+ can answer v2 directory requests too.
+ - Authdirs now stop whining so loudly about bad descriptors that
+ they fetch from other dirservers. now when there's a log complaint,
+ it's for sure from a freshly uploaded descriptor.
+ - Reduce memory requirements in our structs by changing the order
+ of fields.
+ - There used to be two ways to specify your listening ports in a
+ server descriptor: on the "router" line and with a separate "ports"
+ line. Remove support for the "ports" line.
+ - New config option "AuthDirRejectUnlisted" for auth dirservers as
+ a panic button: if we get flooded with unusable servers we can
+ revert to only listing servers in the approved-routers file.
+ - Auth dir servers can also mark a fingerprint as "!reject" or
+ "!invalid" in the approved-routers file (as its nickname), to
+ refuse descriptors outright or include them but marked as invalid.
+ - Servers store bandwidth history across restarts/crashes.
+
+
Changes in version 0.1.1.10-alpha - 2005-12-11
o Correctness bugfixes on 0.1.0.x:
- On Windows, build with a libevent patch from "I-M Weasel" to avoid