[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor is out

Tor makes relay measurement by directory authorities
more robust, makes hidden service authentication work again, and
resolves a DPI fingerprint for Tor's SSL transport.


Changes in version - 2013-03-11
  o Major features (directory authorities):
    - Directory authorities now support a new consensus method (17)
      where they cap the published bandwidth of servers for which
      insufficient bandwidth measurements exist. Fixes part of bug 2286.
    - Directory authorities that set "DisableV2DirectoryInfo_ 1" no longer
      serve any v2 directory information. Now we can test disabling the
      old deprecated v2 directory format, and see whether doing so has
      any effect on network load. Begins to fix bug 6783.
    - Directory authorities now include inside each vote a statement of
      the performance thresholds they used when assigning flags.
      Implements ticket 8151.

  o Major bugfixes (directory authorities):
    - Stop marking every relay as having been down for one hour every
      time we restart a directory authority. These artificial downtimes
      were messing with our Stable and Guard flag calculations. Fixes
      bug 8218 (introduced by the fix for 1035). Bugfix on

  o Major bugfixes (hidden services):
    - Allow hidden service authentication to succeed again. When we
      refactored the hidden service introduction code back
      in, we didn't update the code that checks
      whether authentication information is present, causing all
      authentication checks to return "false". Fix for bug 8207; bugfix
      on Found by Coverity; this is CID 718615.

  o Minor features (relays, bridges):
    - Make bridge relays check once a minute for whether their IP
      address has changed, rather than only every 15 minutes. Resolves
      bugs 1913 and 1992.
    - Refactor resolve_my_address() so it returns the method by which we
      decided our public IP address (explicitly configured, resolved from
      explicit hostname, guessed from interfaces, learned by gethostname).
      Now we can provide more helpful log messages when a relay guesses
      its IP address incorrectly (e.g. due to unexpected lines in
      /etc/hosts). Resolves ticket 2267.
    - Teach bridge-using clients to avoid 0.2.2 bridges when making
      microdescriptor-related dir requests, and only fall back to normal
      descriptors if none of their bridges can handle microdescriptors
      (as opposed to the fix in ticket 4013, which caused them to fall
      back to normal descriptors if *any* of their bridges preferred
      them). Resolves ticket 4994.
    - Randomize the lifetime of our SSL link certificate, so censors can't
      use the static value for filtering Tor flows. Resolves ticket 8443;
      related to ticket 4014 which was included in

  o Minor features (portability):
    - Tweak the curve25519-donna*.c implementations to tolerate systems
      that lack stdint.h. Fixes bug 3894; bugfix on
    - Use Ville Laurikari's implementation of AX_CHECK_SIGN() to determine
      the signs of types during autoconf. This is better than our old
      approach, which didn't work when cross-compiling.
    - Detect the sign of enum values, rather than assuming that MSC is the
      only compiler where enum types are all signed. Fixes bug 7727;
      bugfix on

  o Minor features (other):
    - Say "KBytes" rather than "KB" in the man page (for various values
      of K), to further reduce confusion about whether Tor counts in
      units of memory or fractions of units of memory. Resolves ticket 7054.
    - Clear the high bit on curve25519 public keys before passing them to
      our backend, in case we ever wind up using a backend that doesn't do
      so itself. If we used such a backend, and *didn't* clear the high bit,
      we could wind up in a situation where users with such backends would
      be distinguishable from users without. Fixes bug 8121; bugfix on
    - Update to the March 6 2013 Maxmind GeoLite Country database.

  o Minor bugfixes (clients):
    - When we receive a RELAY_END cell with the reason DONE, or with no
      reason, before receiving a RELAY_CONNECTED cell, report the SOCKS
      status as "connection refused". Previously we reported these cases
      as success but then immediately closed the connection. Fixes bug
      7902; bugfix on Reported by "oftc_must_be_destroyed".
    - Downgrade an assertion in connection_ap_expire_beginning to an
      LD_BUG message. The fix for bug 8024 should prevent this message
      from displaying, but just in case, a warn that we can diagnose
      is better than more assert crashes. Fixes bug 8065; bugfix on
    - Lower path use bias thresholds to .80 for notice and .60 for warn.
      Also make the rate limiting flags for the path use bias log messages
      independent from the original path bias flags. Fixes bug 8161;
      bugfix on

  o Minor bugfixes (relays):
    - Stop trying to resolve our hostname so often (e.g. every time we
      think about doing a directory fetch). Now we reuse the cached
      answer in some cases. Fixes bugs 1992 (bugfix on
      and 2410 (bugfix on
    - Stop sending a stray "(null)" in some cases for the server status
      "EXTERNAL_ADDRESS" controller event. Resolves bug 8200; bugfix
    - When choosing which stream on a formerly stalled circuit to wake
      first, make better use of the platform's weak RNG. Previously,
      we had been using the % ("modulo") operator to try to generate a
      1/N chance of picking each stream, but this behaves badly with
      many platforms' choice of weak RNG. Fixes bug 7801; bugfix on
    - Use our own weak RNG when we need a weak RNG. Windows's rand() and
      Irix's random() only return 15 bits; Solaris's random() returns more
      bits but its RAND_MAX says it only returns 15, and so on. Motivated
      by the fix for bug 7801; bugfix on

  o Minor bugfixes (directory authorities):
    - Directory authorities now use less space when formatting identical
      microdescriptor lines in directory votes. Fixes bug 8158; bugfix

  o Minor bugfixes (memory leaks spotted by Coverity -- bug 7816):
    - Avoid leaking memory if we fail to compute a consensus signature
      or we generate a consensus we can't parse. Bugfix on
    - Fix a memory leak when receiving headers from an HTTPS proxy. Bugfix
    - Fix a memory leak during safe-cookie controller authentication.
      Bugfix on
    - Avoid memory leak of IPv6 policy content if we fail to format it into
      a router descriptor. Bugfix on

  o Minor bugfixes (other code correctness issues):
    - Avoid a crash if we fail to generate an extrainfo descriptor.
      Fixes bug 8208; bugfix on Found by Coverity;
      this is CID 718634.
    - When detecting the largest possible file descriptor (in order to
      close all file descriptors when launching a new program), actually
      use _SC_OPEN_MAX. The old code for doing this was very, very broken.
      Fixes bug 8209; bugfix on Found by Coverity; this
      is CID 743383.
    - Fix a copy-and-paste error when adding a missing A1 to a routerset
      because of GeoIPExcludeUnknown. Fix for Coverity CID 980650.
      Bugfix on
    - Fix an impossible-to-trigger integer overflow when estimating how
      long our onionskin queue would take. (This overflow would require us
      to accept 4 million onionskins before processing 100 of them.) Fixes
      bug 8210; bugfix on

  o Code simplification and refactoring:
    - Add a wrapper function for the common "log a message with a
      rate-limit" case.

Attachment: signature.asc
Description: Digital signature

tor-talk mailing list