
[tor-talk] Tor is out

Tor fixes yet more bugs to get us closer to a release
candidate. It also dramatically speeds up AES: fast relays should
consider switching to the newer OpenSSL library.


(Packages coming eventually.)

Changes in version - 2012-04-23
  o Directory authority changes:
    - Change IP address for ides (v3 directory authority), and rename
      it to turtles.

  o Major bugfixes:
    - Avoid logging uninitialized data when unable to decode a hidden
      service descriptor cookie. Fixes bug 5647; bugfix on
    - Avoid a client-side assertion failure when receiving an INTRODUCE2
      cell on a general purpose circuit. Fixes bug 5644; bugfix on
    - If authorities are unable to get a v2 consensus document from other
      directory authorities, they no longer fall back to fetching
      them from regular directory caches. Fixes bug 5635; bugfix on,
      where routers stopped downloading v2 consensus documents entirely.
    - When we start a Tor client with a normal consensus already cached,
      be willing to download a microdescriptor consensus. Fixes bug 4011;
      fix on

  o Major features (performance):
    - When built to use OpenSSL 1.0.1, and built for an x86 or x86_64
      instruction set, take advantage of OpenSSL's AESNI, bitsliced, or
      vectorized AES implementations as appropriate. These can be much,
      much faster than other AES implementations.

  o Minor bugfixes (0.2.2.x and earlier):
    - Don't launch more than 10 service-side introduction-point circuits
      for a hidden service in five minutes. Previously, we would consider
      launching more introduction-point circuits if at least one second
      had passed without any introduction-point circuits failing. Fixes
      bug 4607; bugfix on 0.0.7pre1.
    - Change the BridgePassword feature (part of the "bridge community"
      design, which is not yet implemented) to use a time-independent
      comparison. The old behavior might have allowed an adversary
      to use timing to guess the BridgePassword value. Fixes bug 5543;
      bugfix on
    - Enforce correct return behavior of tor_vsscanf() when the '%%'
      pattern is used. Fixes bug 5558. Bugfix on
    - When sending an HTTP/1.1 proxy request, include a Host header.
      Fixes bug 5593; bugfix on
    - Don't log that we have "decided to publish new relay descriptor"
      unless we are actually publishing a descriptor. Fixes bug 3942;
      bugfix on

  o Minor bugfixes (0.2.3.x):
    - Fix a bug where a bridge authority crashes (on a failed assert)
      if it has seen no directory requests when it's time to write
      statistics to disk. Fixes bug 5508. Bugfix on
    - Fix bug stomping on ORPort option NoListen and ignoring option
      NoAdvertise. Fixes bug 5151; bugfix on
    - In the testsuite, provide a large enough buffer in the tor_sscanf
      unit test. Otherwise we'd overrun that buffer and crash during
      the unit tests. Found by weasel. Fixes bug 5449; bugfix on
    - Make sure we create the keys directory if it doesn't exist and we're
      about to store the dynamic Diffie-Hellman parameters. Fixes bug
      5572; bugfix on
    - Fix a small memory leak when trying to decode incorrect base16
      authenticator during SAFECOOKIE authentication. Found by
      Coverity Scan. Fixes CID 507. Bugfix on

  o Minor features:
    - Add more information to a log statement that might help track down
      bug 4091. If you're seeing "Bug: tor_addr_is_internal() called with a
      non-IP address" messages (or any Bug messages, for that matter!),
      please let us know about it.
    - Relays now understand an IPv6 address when they get one from a
      directory server. Resolves ticket 4875.
    - Resolve IPv6 addresses in bridge and entry statistics to country
      code "??" which means we at least count them. Resolves ticket 5053;
      improves on
    - Update to the April 3 2012 Maxmind GeoLite Country database.
    - Begin a doc/state-contents.txt file to explain the contents of
      the Tor state file. Fixes bug 2987.

  o Default torrc changes:
    - Stop listing "socksport 9050" in torrc.sample. We open a socks
      port on 9050 by default anyway, so this should not change anything
      in practice.
    - Stop mentioning the deprecated *ListenAddress options in
      torrc.sample. Fixes bug 5438.
    - Document unit of bandwidth related options in sample torrc.
      Fixes bug 5621.

  o Removed features:
    - The "torify" script no longer supports the "tsocks" socksifier
      tool, since tsocks doesn't support DNS and UDP right for Tor.
      Everyone should be using torsocks instead. Fixes bugs 3530 and
      5180. Based on a patch by "ugh".

  o Code refactoring:
    - Change the symmetric cipher interface so that creating and
      initializing a stream cipher are no longer separate functions.
    - Remove all internal support for unpadded RSA. We never used it, and
      it would be a bad idea to start.
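
Added example, not part of the original announcement and not Tor's own code: the BridgePassword item above replaces an early-exit comparison with a time-independent one. The C sketch below counts bytes examined as a stand-in for elapsed time; the secret, the function names and the 'X' filler are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed secret for the demo; not a real BridgePassword. */
static const unsigned char SECRET[] = "example-bridgepw";
enum { SECRET_LEN = sizeof SECRET - 1 };

/* Early-exit comparison (memcmp-style); *steps counts bytes examined. */
static int leaky_eq(const unsigned char *a, const unsigned char *b,
                    size_t n, size_t *steps)
{
    for (size_t i = 0; i < n; i++) {
        ++*steps;
        if (a[i] != b[i])
            return 0;   /* returns sooner the earlier the mismatch */
    }
    return 1;
}

/* Time-independent comparison: every byte is examined and differences are
 * OR-ed together, so the work does not depend on where the inputs differ. */
static int ct_eq(const unsigned char *a, const unsigned char *b,
                 size_t n, size_t *steps)
{
    unsigned diff = 0;
    for (size_t i = 0; i < n; i++) {
        ++*steps;
        diff |= (unsigned)(a[i] ^ b[i]);
    }
    return (int)(((diff - 1u) >> 8) & 1u);  /* 1 iff diff == 0, no branch */
}

/* Bytes examined for a guess whose first `prefix` bytes are correct. */
static size_t work_for_prefix(int constant_time, size_t prefix)
{
    unsigned char guess[SECRET_LEN];
    size_t steps = 0;
    for (size_t i = 0; i < SECRET_LEN; i++)
        guess[i] = i < prefix ? SECRET[i] : 'X';
    (constant_time ? ct_eq : leaky_eq)(SECRET, guess, SECRET_LEN, &steps);
    return steps;
}

int main(void)
{
    for (size_t p = 0; p <= SECRET_LEN; p += 4)
        printf("prefix %2zu: leaky=%2zu constant-time=%2zu\n",
               p, work_for_prefix(0, p), work_for_prefix(1, p));
    return 0;
}
```

With the early-exit version the work grows with the length of the correct prefix, which is the signal a timing measurement picks up; the constant-time version does the same work for every guess.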
