Tor 0.2.1.10-alpha fixes two major bugs in bridge relays (one that would make the bridge relay not so useful if it had DirPort set to 0, and one that could let an attacker learn a little bit of information about the bridge's users), and a bug that would cause your Tor relay to ignore a circuit create request it can't decrypt (rather than reply with an error). It also fixes a wide variety of other bugs. https://www.torproject.org/download.html.en Changes in version 0.2.1.10-alpha - 2009-01-06 o Major bugfixes: - If the cached networkstatus consensus is more than five days old, discard it rather than trying to use it. In theory it could be useful because it lists alternate directory mirrors, but in practice it just means we spend many minutes trying directory mirrors that are long gone from the network. Helps bug 887 a bit; bugfix on 0.2.0.x. - Bridge relays that had DirPort set to 0 would stop fetching descriptors shortly after startup, and then briefly resume after a new bandwidth test and/or after publishing a new bridge descriptor. Bridge users that try to bootstrap from them would get a recent networkstatus but would get descriptors from up to 18 hours earlier, meaning most of the descriptors were obsolete already. Reported by Tas; bugfix on 0.2.0.13-alpha. - Prevent bridge relays from serving their 'extrainfo' document to anybody who asks, now that extrainfo docs include potentially sensitive aggregated client geoip summaries. Bugfix on 0.2.0.13-alpha. o Minor features: - New controller event "clients_seen" to report a geoip-based summary of which countries we've seen clients from recently. Now controllers like Vidalia can show bridge operators that they're actually making a difference. - Build correctly against versions of OpenSSL 0.9.8 or later built without support for deprecated functions. - Update to the "December 19 2008" ip-to-country file. o Minor bugfixes (on 0.2.0.x): - Authorities now vote for the Stable flag for any router whose weighted MTBF is at least 5 days, regardless of the mean MTBF. - Do not remove routers as too old if we do not have any consensus document. Bugfix on 0.2.0.7-alpha. - Do not accept incomplete ipv4 addresses (like 192.168.0) as valid. Spec conformance issue. Bugfix on Tor 0.0.2pre27. - When an exit relay resolves a stream address to a local IP address, do not just keep retrying that same exit relay over and over. Instead, just close the stream. Addresses bug 872. Bugfix on 0.2.0.32. Patch from rovv. - If a hidden service sends us an END cell, do not consider retrying the connection; just close it. Patch from rovv. - When we made bridge authorities stop serving bridge descriptors over unencrypted links, we also broke DirPort reachability testing for bridges. So bridges with a non-zero DirPort were printing spurious warns to their logs. Bugfix on 0.2.0.16-alpha. Fixes bug 709. - When a relay gets a create cell it can't decrypt (e.g. because it's using the wrong onion key), we were dropping it and letting the client time out. Now actually answer with a destroy cell. Fixes bug 904. Bugfix on 0.0.2pre8. - Squeeze 2-5% out of client performance (according to oprofile) by improving the implementation of some policy-manipulation functions. o Minor bugfixes (on 0.2.1.x): - Make get_interface_address() function work properly again; stop guessing the wrong parts of our address as our address. - Do not cannibalize a circuit if we're out of RELAY_EARLY cells to send on that circuit. Otherwise we might violate the proposal-110 limit. Bugfix on 0.2.1.3-alpha. Partial fix for Bug 878. Diagnosis thanks to Karsten. - When we're sending non-EXTEND cells to the first hop in a circuit, for example to use an encrypted directory connection, we don't need to use RELAY_EARLY cells: the first hop knows what kind of cell it is, and nobody else can even see the cell type. Conserving RELAY_EARLY cells makes it easier to cannibalize circuits like this later. - Stop logging nameserver addresses in reverse order. - If we are retrying a directory download slowly over and over, do not automatically give up after the 254th failure. Bugfix on 0.2.1.9-alpha. - Resume reporting accurate "stream end" reasons to the local control port. They were lost in the changes for Proposal 148. Bugfix on 0.2.1.9-alpha. o Deprecated and removed features: - The old "tor --version --version" command, which would print out the subversion "Id" of most of the source files, is now removed. It turned out to be less useful than we'd expected, and harder to maintain. o Code simplifications and refactoring: - Change our header file guard macros to be less likely to conflict with system headers. Adam Langley noticed that we were conflicting with log.h on Android. - Tool-assisted documentation cleanup. Nearly every function or static variable in Tor should have its own documentation now.
Description: Digital signature