[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Tor is out

This development snapshot fixes compilation on Windows again; fixes an
obnoxious client-side bug that slowed things down and put extra load
on the network; gets us closer to using the v3 directory voting scheme;
makes it easier for Tor controllers to use cookie-based authentication;
and fixes a variety of other bugs.


Changes in version - 2007-08-19
  o Removed features:
    - Version 1 directories are no longer generated in full. Instead,
      authorities generate and serve "stub" v1 directories that list
      no servers. This will stop Tor versions 0.1.0.x and earlier from
      working, but (for security reasons) nobody should be running those
      versions anyway.

  o Major bugfixes (compilation, 0.2.0.x):
    - Try to fix Win32 compilation again: improve checking for IPv6 types.
    - Try to fix MSVC compilation: build correctly on platforms that do
      not define s6_addr16 or s6_addr32.
    - Fix compile on platforms without getaddrinfo: bug found by Li-Hui

  o Major bugfixes (stream expiration):
    - Expire not-yet-successful application streams in all cases if
      they've been around longer than SocksTimeout. Right now there are
      some cases where the stream will live forever, demanding a new
      circuit every 15 seconds. Bugfix on; fixes bug 454;
      reported by lodger.

  o Minor features (directory servers):
    - When somebody requests a list of statuses or servers, and we have
      none of those, return a 404 rather than an empty 200.

  o Minor features (directory voting):
    - Store v3 consensus status consensuses on disk, and reload them
      on startup.

  o Minor features (security):
    - Warn about unsafe ControlPort configurations.
    - Refuse to start with certain directory authority keys, and
      encourage people using them to stop.

  o Minor features (controller):
    - Add a PROTOCOLINFO controller command. Like AUTHENTICATE, it
      is valid before any authentication has been received. It tells
      a controller what kind of authentication is expected, and what
      protocol is spoken. Implements proposal 119.
    - New config option CookieAuthFile to choose a new location for the
      cookie authentication file, and config option
      CookieAuthFileGroupReadable to make it group-readable.

  o Minor features (unit testing):
    - Add command-line arguments to unit-test executable so that we can
      invoke any chosen test from the command line rather than having
      to run the whole test suite at once; and so that we can turn on
      logging for the unit tests.

  o Minor bugfixes (on 0.1.2.x):
    - If we require CookieAuthentication but we fail to write the
      cookie file, we would warn but not exit, and end up in a state
      where no controller could authenticate. Now we exit.
    - If we require CookieAuthentication, stop generating a new cookie
      every time we change any piece of our config.
    - When loading bandwidth history, do not believe any information in
      the future.  Fixes bug 434.
    - When loading entry guard information, do not believe any information
      in the future.
    - When we have our clock set far in the future and generate an
      onion key, then re-set our clock to be correct, we should not stop
      the onion key from getting rotated.
    - Clean up torrc sample config file.
    - Do not automatically run configure from autogen.sh. This
      non-standard behavior tended to annoy people who have built other

  o Minor bugfixes (on 0.2.0.x):
    - Fix a bug with AutomapHostsOnResolve that would always cause
      the second request to fail. Bug reported by Kate. Bugfix on
    - Fix a bug in ADDRMAP controller replies that would sometimes
      try to print a NULL. Patch from tup.
    - Read v3 directory authority keys from the right location.
    - Numerous bugfixes to directory voting code.

Attachment: signature.asc
Description: Digital signature