Tor 0.2.4.12-alpha moves Tor forward on several fronts: it starts the
process for lengthening the guard rotation period, makes directory
authority opinions in the consensus a bit less gameable, makes socks5
username/password circuit isolation actually work, and fixes a wide
variety of other issues.

https://www.torproject.org/dist/

Changes in version 0.2.4.12-alpha - 2013-04-18
  o Major features:
    - Raise the default time that a client keeps an entry guard from
      "1-2 months" to "2-3 months", as suggested by Tariq Elahi's WPES
      2012 paper. (We would make it even longer, but we need better client
      load balancing first.) Also, make the guard lifetime controllable
      via a new GuardLifetime torrc option and a GuardLifetime consensus
      parameter. Start of a fix for bug 8240; bugfix on 0.1.1.11-alpha.
    - Directory authorities now prefer using measured bandwidths to
      advertised ones when computing flags and thresholds. Resolves
      ticket 8273.
    - Directory authorities that have more than a threshold number
      of relays with measured bandwidths now treat relays with unmeasured
      bandwidths as having bandwidth 0. Resolves ticket 8435.

  o Major bugfixes (assert / resource use):
    - Avoid a bug where our response to TLS renegotiation under certain
      network conditions could lead to a busy-loop, with 100% CPU
      consumption. Fixes bug 5650; bugfix on 0.2.0.16-alpha.
    - Avoid an assertion when we discover that we'd like to write a cell
      onto a closing connection: just discard the cell. Fixes another
      case of bug 7350; bugfix on 0.2.4.4-alpha.

  o Major bugfixes (client-side privacy):
    - When we mark a circuit as unusable for new circuits, have it
      continue to be unusable for new circuits even if MaxCircuitDirtiness
      is increased too much at the wrong time, or the system clock jumps
      backwards. Fixes bug 6174; bugfix on 0.0.2pre26.
    - If ClientDNSRejectInternalAddresses ("do not believe DNS queries
      which have resolved to internal addresses") is set, apply that
      rule to IPv6 as well. Fixes bug 8475; bugfix on 0.2.0.7-alpha.
    - When an exit relay rejects a stream with reason "exit policy", but
      we only know an exit policy summary (e.g. from the microdesc
      consensus) for it, do not mark the relay as useless for all exiting.
      Instead, mark just the circuit as unsuitable for that particular
      address. Fixes part of bug 7582; bugfix on 0.2.3.2-alpha.
    - Allow applications to get proper stream isolation with
      IsolateSOCKSAuth. Many SOCKS5 clients that want to offer
      username/password authentication also offer "no authentication". Tor
      had previously preferred "no authentication", so the applications
      never actually sent Tor their auth details. Now Tor selects
      username/password authentication if it's offered. You can disable
      this behavior on a per-SOCKSPort basis via PreferSOCKSNoAuth. Fixes
      bug 8117; bugfix on 0.2.3.3-alpha.

  o Major bugfixes (other):
    - When unable to find any working directory nodes to use as a
      directory guard, give up rather than adding the same non-working
      nodes to the directory guard list over and over. Fixes bug 8231;
      bugfix on 0.2.4.8-alpha.

  o Minor features:
    - Reject as invalid most directory objects containing a NUL.
      Belt-and-suspender fix for bug 8037.
    - In our testsuite, create temporary directories with a bit more
      entropy in their name to make name collisions less likely. Fixes
      bug 8638.
    - Add CACHED keyword to ADDRMAP events in the control protocol
      to indicate whether a DNS result will be cached or not. Resolves
      ticket 8596.
    - Update to the April 3 2013 Maxmind GeoLite Country database.

  o Minor features (build):
    - Detect and reject attempts to build Tor with threading support
      when OpenSSL has been compiled without threading support.
      Fixes bug 6673.
    - Clarify that when autoconf is checking for nacl, it is checking
      specifically for nacl with a fast curve25519 implementation.
      Fixes bug 8014.
    - Warn if building on a platform with an unsigned time_t: there
      are too many places where Tor currently assumes that time_t can
      hold negative values. We'd like to fix them all, but probably
      some will remain.

  o Minor bugfixes (build):
    - Fix some bugs in tor-fw-helper-natpmp when trying to build and
      run it on Windows. More bugs likely remain. Patch from Gisle Vanem.
      Fixes bug 7280; bugfix on 0.2.3.1-alpha.
    - Add the old src/or/micro-revision.i filename to CLEANFILES.
      On the off chance that somebody has one, it will go away as soon
      as they run "make clean". Fix for bug 7143; bugfix on 0.2.4.1-alpha.
    - Build Tor correctly on 32-bit platforms where the compiler can build
      but not run code using the "uint128_t" construction. Fixes bug 8587;
      bugfix on 0.2.4.8-alpha.
    - Fix compilation warning with some versions of clang that would
      prefer the -Wswitch-enum compiler flag to warn about switch
      statements with missing enum values, even if those switch
      statements have a "default:" statement. Fixes bug 8598; bugfix
      on 0.2.4.10-alpha.

  o Minor bugfixes (protocol):
    - Fix the handling of a TRUNCATE cell when it arrives while the
      circuit extension is in progress. Fixes bug 7947; bugfix on 0.0.7.1.
    - Fix a misframing issue when reading the version numbers in a
      VERSIONS cell. Previously we would recognize [00 01 00 02] as
      'version 1, version 2, and version 0x100', when it should have
      only included versions 1 and 2. Fixes bug 8059; bugfix on
      0.2.0.10-alpha. Reported pseudonymously.
    - Make the format and order of STREAM events for DNS lookups
      consistent among the various ways to launch DNS lookups. Fixes
      bug 8203; bugfix on 0.2.0.24-rc. Patch by "Desoxy."
    - Correct our check for which versions of Tor support the EXTEND2
      cell. We had been willing to send it to Tor 0.2.4.7-alpha and
      later, when support was really added in version 0.2.4.8-alpha.
      Fixes bug 8464; bugfix on 0.2.4.8-alpha.

  o Minor bugfixes (other):
    - Correctly store microdescriptors and extrainfo descriptors with
      an internal NUL byte. Fixes bug 8037; bugfix on 0.2.0.1-alpha.
      Bug reported by "cypherpunks".
    - Increase the width of the field used to remember a connection's
      link protocol version to two bytes. Harmless for now, since the
      only currently recognized versions are one byte long. Reported
      pseudonymously. Fixes bug 8062; bugfix on 0.2.0.10-alpha.
    - If the state file's path bias counts are invalid (presumably from a
      buggy Tor prior to 0.2.4.10-alpha), make them correct. Also add
      additional checks and log messages to the scaling of Path Bias
      counts, in case there still are remaining issues with scaling.
      Should help resolve bug 8235.
    - Eliminate several instances where we use "Nickname=ID" to refer to
      nodes in logs. Use "Nickname (ID)" instead. (Elsewhere, we still use
      "$ID=Nickname", which is also acceptable.) Fixes bug 7065. Bugfix
      on 0.2.3.21-rc, 0.2.4.5-alpha, 0.2.4.8-alpha, and 0.2.4.10-alpha.

  o Minor bugfixes (syscalls):
    - Always check the return values of functions fcntl() and
      setsockopt(). We don't believe these are ever actually failing in
      practice, but better safe than sorry. Also, checking these return
      values should please analysis tools like Coverity. Patch from
      'flupzor'. Fixes bug 8206; bugfix on all versions of Tor.
    - Use direct writes rather than stdio when building microdescriptor
      caches, in an attempt to mitigate bug 8031, or at least make it
      less common.

  o Minor bugfixes (config):
    - When rejecting a configuration because we were unable to parse a
      quoted string, log an actual error message. Fixes bug 7950; bugfix
      on 0.2.0.16-alpha.
    - Behave correctly when the user disables LearnCircuitBuildTimeout
      but doesn't tell us what they would like the timeout to be. Fixes
      bug 6304; bugfix on 0.2.2.14-alpha.
    - When autodetecting the number of CPUs, use the number of available
      CPUs in preference to the number of configured CPUs. Inform the
      user if this reduces the number of available CPUs. Fixes bug 8002;
      bugfix on 0.2.3.1-alpha.
    - Make it an error when you set EntryNodes but disable UseGuardNodes,
      since it will (surprisingly to some users) ignore EntryNodes. Fixes
      bug 8180; bugfix on 0.2.3.11-alpha.
    - Allow TestingTorNetworks to override the 4096-byte minimum for
      the Fast threshold. Otherwise they can't bootstrap until they've
      observed more traffic. Fixes bug 8508; bugfix on 0.2.4.10-alpha.
    - Fix some logic errors when the user manually overrides the
      PathsNeededToBuildCircuits option in torrc. Fixes bug 8599; bugfix
      on 0.2.4.10-alpha.

  o Minor bugfixes (log messages to help diagnose bugs):
    - If we fail to free a microdescriptor because of bug 7164, log
      the filename and line number from which we tried to free it.
    - Add another diagnostic to the heartbeat message: track and log
      overhead that TLS is adding to the data we write. If this is
      high, we are sending too little data to SSL_write at a time.
      Diagnostic for bug 7707.
    - Add more detail to a log message about relaxed timeouts, to help
      track bug 7799.
    - Warn more aggressively when flushing microdescriptors to a
      microdescriptor cache fails, in an attempt to mitigate bug 8031,
      or at least make it more diagnosable.
    - Improve debugging output to help track down bug 8185 ("Bug:
      outgoing relay cell has n_chan==NULL. Dropping.")
    - Log the purpose of a path-bias testing circuit correctly.
      Improves a log message from bug 8477; bugfix on 0.2.4.8-alpha.

  o Minor bugfixes (0.2.4.x log messages that were too noisy):
    - Don't attempt to relax the timeout of already opened 1-hop circuits.
      They might never timeout. This should eliminate some/all cases of
      the relaxed timeout log message.
    - Use circuit creation time for network liveness evaluation. This
      should eliminate warning log messages about liveness caused
      by changes in timeout evaluation. Fixes bug 6572; bugfix on
      0.2.4.8-alpha.
    - Reduce a path bias length check from notice to info. The message
      is triggered when creating controller circuits. Fixes bug 8196;
      bugfix on 0.2.4.8-alpha.
    - Fix a path state issue that triggered a notice during relay startup.
      Fixes bug 8320; bugfix on 0.2.4.10-alpha.
    - Reduce occurrences of warns about circuit purpose in
      connection_ap_expire_building(). Fixes bug 8477; bugfix on
      0.2.4.11-alpha.

  o Minor bugfixes (pre-0.2.4.x log messages that were too noisy):
    - If we encounter a write failure on a SOCKS connection before we
      finish our SOCKS handshake, don't warn that we closed the
      connection before we could send a SOCKS reply. Fixes bug 8427;
      bugfix on 0.1.0.1-rc.
    - Correctly recognize that [::1] is a loopback address. Fixes
      bug 8377; bugfix on 0.2.1.3-alpha.
    - Fix a directory authority warn caused when we have a large amount
      of badexit bandwidth. Fixes bug 8419; bugfix on 0.2.2.10-alpha.
    - Don't log inappropriate heartbeat messages when hibernating: a
      hibernating node is _expected_ to drop out of the consensus,
      decide it isn't bootstrapped, and so forth. Fixes bug 7302;
      bugfix on 0.2.3.1-alpha.
    - Don't complain about bootstrapping problems while hibernating.
      These complaints reflect a general code problem, but not one
      with any problematic effects (no connections are actually
      opened). Fixes part of bug 7302; bugfix on 0.2.3.2-alpha.

  o Documentation fixes:
    - Update tor-fw-helper.1.txt and tor-fw-helper.c to make option
      names match. Fixes bug 7768.
    - Make the torify manpage no longer refer to tsocks; torify hasn't
      supported tsocks since 0.2.3.14-alpha.
    - Make the tor manpage no longer reference tsocks.
    - Fix the GeoIPExcludeUnknown documentation to refer to
      ExcludeExitNodes rather than the currently nonexistent
      ExcludeEntryNodes. Spotted by "hamahangi" on tor-talk.

  o Removed files:
    - The tor-tsocks.conf is no longer distributed or installed. We
      recommend that tsocks users use torsocks instead. Resolves
      ticket 8290.
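
The VERSIONS misframing described under "Minor bugfixes (protocol)" can be reproduced with a parser that reads a 16-bit value at every byte offset instead of every second one. This is an added example, not Tor's source code: the function names are hypothetical, and treating an odd-length payload as malformed is a choice made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read one big-endian 16-bit version number. */
static uint16_t get_u16(const uint8_t *p)
{
  return (uint16_t)((p[0] << 8) | p[1]);
}

/* Misframed parse (illustrative): the cursor advances one byte per step,
 * so a value straddling two adjacent entries is also read as a version. */
size_t parse_versions_misframed(const uint8_t *body, size_t len,
                                uint16_t *out, size_t max)
{
  size_t n = 0;
  for (size_t i = 0; i + 1 < len && n < max; i++)
    out[n++] = get_u16(body + i);
  return n;
}

/* Correctly framed parse: one entry per two bytes.
 * Returns the number of versions, or -1 for an odd-length payload
 * (an assumption of this example, not a statement about Tor). */
int parse_versions(const uint8_t *body, size_t len, uint16_t *out, size_t max)
{
  size_t n = 0;
  if (len % 2 != 0)
    return -1;
  for (size_t i = 0; i < len && n < max; i += 2)
    out[n++] = get_u16(body + i);
  return (int)n;
}

int main(void)
{
  /* The payload quoted in the changelog entry. */
  const uint8_t body[] = { 0x00, 0x01, 0x00, 0x02 };
  uint16_t v[8];
  size_t bad = parse_versions_misframed(body, sizeof(body), v, 8);
  for (size_t i = 0; i < bad; i++)
    printf("misframed: 0x%x\n", (unsigned)v[i]);
  int good = parse_versions(body, sizeof(body), v, 8);
  for (int i = 0; i < good; i++)
    printf("framed:    0x%x\n", (unsigned)v[i]);
  return 0;
}
```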
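
The IsolateSOCKSAuth fix under "Major bugfixes (client-side privacy)" comes down to which method the proxy picks from a SOCKS5 greeting (VER, NMETHODS, METHODS, per RFC 1928). The sketch below is an added example, not Tor's implementation: the function names are hypothetical, `prefer_no_auth` stands in for PreferSOCKSNoAuth, and `may_share_circuit` is a simplified model of isolation by username only.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SOCKS5_VERSION         0x05
#define METHOD_NO_AUTH         0x00
#define METHOD_USERPASS        0x02
#define METHOD_NONE_ACCEPTABLE 0xFF

/* Choose the method to answer a SOCKS5 greeting with.
 * Returns the method byte, or -1 for a truncated or non-SOCKS5 greeting. */
int socks5_select_method(const uint8_t *g, size_t len, int prefer_no_auth)
{
  int has_noauth = 0, has_userpass = 0;
  if (len < 2 || g[0] != SOCKS5_VERSION)
    return -1;
  size_t nmethods = g[1];
  if (len < 2 + nmethods)
    return -1;                       /* fewer method bytes than advertised */
  for (size_t i = 0; i < nmethods; i++) {
    if (g[2 + i] == METHOD_NO_AUTH)
      has_noauth = 1;
    else if (g[2 + i] == METHOD_USERPASS)
      has_userpass = 1;
  }
  /* New default: take username/password whenever the client offers it,
   * unless the operator asked for "no authentication" and it is offered. */
  if (has_userpass && !(prefer_no_auth && has_noauth))
    return METHOD_USERPASS;
  if (has_noauth)
    return METHOD_NO_AUTH;
  return METHOD_NONE_ACCEPTABLE;
}

/* Simplified isolation model (assumption of this example): credentials
 * reach the proxy only when username/password was selected. Without
 * them every stream looks the same and nothing separates two clients. */
int may_share_circuit(int method, const char *user_a, const char *user_b)
{
  if (method != METHOD_USERPASS)
    return 1;
  return strcmp(user_a, user_b) == 0;
}
```

With a constructed greeting `05 02 00 02` (both methods offered), the old preference selects method 0x00 and two differently named clients may share a circuit; the new default selects 0x02 and they are kept apart.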