[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Tor is out

Tor greatly improves client-side handling of circuit build
timeouts, which are used to estimate speed and improve performance. We
also move to a much better GeoIP database, port Tor to Windows CE,
introduce new compile flags that improve code security, add an eighth
v3 directory authority, and address a lot of more minor issues.


Packages will be appearing over the next few days or weeks. (We've decided
to start announcing alpha versions when they're released, rather than
waiting for all the packages first.)

Changes in version - 2010-07-12
  o Major bugfixes:
    - Tor directory authorities no longer crash when started with a
      cached-microdesc-consensus file in their data directory. Bugfix
      on; fixes bug 1532.
    - Treat an unset $HOME like an empty $HOME rather than triggering an
      assert. Bugfix on 0.0.8pre1; fixes bug 1522.
    - Ignore negative and large circuit build timeout values that can
      happen during a suspend or hibernate. These values caused various
      asserts to fire. Bugfix on; fixes bug 1245.
    - Alter calculation of Pareto distribution parameter 'Xm' for
      Circuit Build Timeout learning to use the weighted average of the
      top N=3 modes (because we have three entry guards). Considering
      multiple modes should improve the timeout calculation in some cases,
      and prevent extremely high timeout values. Bugfix on;
      fixes bug 1335.
    - Alter calculation of Pareto distribution parameter 'Alpha' to use a
      right censored distribution model. This approach improves over the
      synthetic timeout generation approach that was producing insanely
      high timeout values. Now we calculate build timeouts using truncated
      times. Bugfix on; fixes bugs 1245 and 1335.
    - Do not close circuits that are under construction when they reach
      the circuit build timeout. Instead, leave them building (but do not
      use them) for up until the time corresponding to the 95th percentile
      on the Pareto CDF or 60 seconds, whichever is greater. This is done
      to provide better data for the new Pareto model. This percentile
      can be controlled by the consensus.

  o Major features:
    - Move to the June 2010 Maxmind GeoLite country db (rather than the
      June 2009 ip-to-country GeoIP db) for our statistics that count
      how many users relays are seeing from each country. Now we have
      more accurate data for many African countries.
    - Port Tor to build and run correctly on Windows CE systems, using
      the wcecompat library. Contributed by Valerio Lupi.
    - New "--enable-gcc-hardening" ./configure flag (off by default)
      to turn on gcc compile time hardening options. It ensures
      that signed ints have defined behavior (-fwrapv), enables
      -D_FORTIFY_SOURCE=2 (requiring -O2), adds stack smashing protection
      with canaries (-fstack-protector-all), turns on ASLR protection if
      supported by the kernel (-fPIE, -pie), and adds additional security
      related warnings. Verified to work on Mac OS X and Debian Lenny.
    - New "--enable-linker-hardening" ./configure flag (off by default)
      to turn on ELF specific hardening features (relro, now). This does
      not work with Mac OS X or any other non-ELF binary format.

  o New directory authorities:
    - Set up maatuska (run by Linus Nordberg) as the eighth v3 directory

  o Minor features:
    - New config option "WarnUnsafeSocks 0" disables the warning that
      occurs whenever Tor receives only an IP address instead of a
      hostname. Setups that do DNS locally over Tor are fine, and we
      shouldn't spam the logs in that case.
    - Convert the HACKING file to asciidoc, and add a few new sections
      to it, explaining how we use Git, how we make changelogs, and
      what should go in a patch.
    - Add a TIMEOUT_RATE keyword to the BUILDTIMEOUT_SET control port
      event, to give information on the current rate of circuit timeouts
      over our stored history.
    - Add ability to disable circuit build time learning via consensus
      parameter and via a LearnCircuitBuildTimeout config option. Also
      automatically disable circuit build time calculation if we are
      either a AuthoritativeDirectory, or if we fail to write our state
      file. Fixes bug 1296.
    - More gracefully handle corrupt state files, removing asserts
      in favor of saving a backup and resetting state.
    - Rename the "log.h" header to "torlog.h" so as to conflict with fewer
      system headers.

  o Minor bugfixes:
    - Build correctly on OSX with zlib 1.2.4 and higher with all warnings
    - When a2x fails, mention that the user could disable manpages instead
      of trying to fix their asciidoc installation.
    - Where available, use Libevent 2.0's periodic timers so that our
      once-per-second cleanup code gets called even more closely to
      once per second than it would otherwise. Fixes bug 943.
    - If you run a bridge that listens on multiple IP addresses, and
      some user configures a bridge address that uses a different IP
      address than your bridge writes in its router descriptor, and the
      user doesn't specify an identity key, their Tor would discard the
      descriptor because "it isn't one of our configured bridges", and
      fail to bootstrap. Now believe the descriptor and bootstrap anyway.
      Bugfix on
    - If OpenSSL fails to make a duplicate of a private or public key, log
      an error message and try to exit cleanly. May help with debugging
      if bug 1209 ever remanifests.
    - Save a couple bytes in memory allocation every time we escape
      certain characters in a string. Patch from Florian Zumbiehl.
    - Make it explicit that we don't cannibalize one-hop circuits. This
      happens in the wild, but doesn't turn out to be a problem because
      we fortunately don't use those circuits. Many thanks to outofwords
      for the initial analysis and to swissknife who confirmed that
      two-hop circuits are actually created.
    - Make directory mirrors report non-zero dirreq-v[23]-shares again.
      Fixes bug 1564; bugfix on
    - Eliminate a case where a circuit build time warning was displayed
      after network connectivity resumed. Bugfix on

Attachment: signature.asc
Description: Digital signature