Tor 0.2.0.10-alpha adds a third v3 directory authority run by Mike Perry, adds most of Karsten Loesing's new hidden service descriptor format, fixes a bad crash bug and new bridge bugs introduced in 0.2.0.9-alpha, fixes many bugs with the v3 directory implementation, fixes some minor memory leaks in previous 0.2.0.x snapshots, and addresses many more minor issues. Tor 0.2.0.11-alpha fixes some build problems with the previous snapshot. It also includes a more secure-by-default exit policy for relays, fixes an enormous memory leak for exit relays, and fixes another bug where servers were falling out of the directory list. Tor 0.2.0.12-alpha fixes some more build problems as well as a few minor bugs. https://www.torproject.org/download.html Changes in version 0.2.0.12-alpha - 2007-11-16 This twelfth development snapshot fixes some more build problems as well as a few minor bugs. o Compile fixes: - Make it build on OpenBSD again. Patch from tup. - Substitute BINDIR and LOCALSTATEDIR in scripts. Fixes package-building for Red Hat, OS X, etc. o Minor bugfixes (on 0.1.2.x): - Changing the ExitPolicyRejectPrivate setting should cause us to rebuild our server descriptor. o Minor bugfixes (on 0.2.0.x): - When we're lacking a consensus, don't try to perform rendezvous operations. Reported by Karsten Loesing. - Fix a small memory leak whenever we decide against using a newly picked entry guard. Reported by Mike Perry. - When authorities detected more than two relays running on the same IP address, they were clearing all the status flags but forgetting to clear the "hsdir" flag. So clients were being told that a given relay was the right choice for a v2 hsdir lookup, yet they never had its descriptor because it was marked as 'not running' in the consensus. - If we're trying to fetch a bridge descriptor and there's no way the bridge authority could help us (for example, we don't know a digest, or there is no bridge authority), don't be so eager to fall back to asking the bridge authority. - If we're using bridges or have strictentrynodes set, and our chosen exit is in the same family as all our bridges/entry guards, then be flexible about families. o Minor features: - When we negotiate a v2 link-layer connection (not yet implemented), accept RELAY_EARLY cells and turn them into RELAY cells if we've negotiated a v1 connection for their next step. Initial code for proposal 110. Changes in version 0.2.0.11-alpha - 2007-11-12 This eleventh development snapshot fixes some build problems with the previous snapshot. It also includes a more secure-by-default exit policy for relays, fixes an enormous memory leak for exit relays, and fixes another bug where servers were falling out of the directory list. o Security fixes: - Exit policies now reject connections that are addressed to a relay's public (external) IP address too, unless ExitPolicyRejectPrivate is turned off. We do this because too many relays are running nearby to services that trust them based on network address. Bugfix on 0.1.2.x. o Major bugfixes: - Fix a memory leak on exit relays; we were leaking a cached_resolve_t on every successful resolve. Reported by Mike Perry; bugfix on 0.1.2.x. - On authorities, never downgrade to old router descriptors simply because they're listed in the consensus. This created a catch-22 where we wouldn't list a new descriptor because there was an old one in the consensus, and we couldn't get the new one in the consensus because we wouldn't list it. Possible fix for bug 548. Also, this might cause bug 543 to appear on authorities; if so, we'll need a band-aid for that. Bugfix on 0.2.0.9-alpha. o Packaging fixes on 0.2.0.10-alpha: - We were including instructions about what to do with the src/config/fallback-consensus file, but we weren't actually including it in the tarball. Disable all of that for now. o Minor features: - Allow people to say PreferTunnelledDirConns rather than PreferTunneledDirConns, for those alternate-spellers out there. o Minor bugfixes: - Don't reevaluate all the information from our consensus document just because we've downloaded a v2 networkstatus that we intend to cache. Fixes bug 545; bugfix on 0.2.0.x. Changes in version 0.2.0.10-alpha - 2007-11-10 This tenth development snapshot adds a third v3 directory authority run by Mike Perry, adds most of Karsten Loesing's new hidden service descriptor format, fixes a bad crash bug and new bridge bugs introduced in 0.2.0.9-alpha, fixes many bugs with the v3 directory implementation, fixes some minor memory leaks in previous 0.2.0.x snapshots, and addresses many more minor issues. o New directory authorities: - Set up ides (run by Mike Perry) as the third v3 directory authority. o Major features: - Allow tunnelled directory connections to ask for an encrypted "begin_dir" connection or an anonymized "uses a full Tor circuit" connection independently. Now we can make anonymized begin_dir connections for (e.g.) more secure hidden service posting and fetching. - More progress on proposal 114: code from Karsten Loesing to implement new hidden service descriptor format. - Raise the default BandwidthRate/BandwidthBurst to 5MB/10MB, to accommodate the growing number of servers that use the default and are reaching it. - Directory authorities use a new formula for selecting which nodes to advertise as Guards: they must be in the top 7/8 in terms of how long we have known about them, and above the median of those nodes in terms of weighted fractional uptime. - Make "not enough dir info yet" warnings describe *why* Tor feels it doesn't have enough directory info yet. o Major bugfixes: - Stop servers from crashing if they set a Family option (or maybe in other situations too). Bugfix on 0.2.0.9-alpha; reported by Fabian Keil. - Make bridge users work again -- the move to v3 directories in 0.2.0.9-alpha had introduced a number of bugs that made bridges no longer work for clients. - When the clock jumps forward a lot, do not allow the bandwidth buckets to become negative. Bugfix on 0.1.2.x; fixes bug 544. o Major bugfixes (v3 dir, bugfixes on 0.2.0.9-alpha): - When the consensus lists a router descriptor that we previously were mirroring, but that we considered non-canonical, reload the descriptor as canonical. This fixes bug 543 where Tor servers would start complaining after a few days that they don't have enough directory information to build a circuit. - Consider replacing the current consensus when certificates arrive that make the pending consensus valid. Previously, we were only considering replacement when the new certs _didn't_ help. - Fix an assert error on startup if we didn't already have the consensus and certs cached in our datadirectory: we were caching the consensus in consensus_waiting_for_certs but then free'ing it right after. - Avoid sending a request for "keys/fp" (for which we'll get a 400 Bad Request) if we need more v3 certs but we've already got pending requests for all of them. - Correctly back off from failing certificate downloads. Fixes bug 546. - Authorities don't vote on the Running flag if they have been running for less than 30 minutes themselves. Fixes bug 547, where a newly started authority would vote that everyone was down. o New requirements: - Drop support for OpenSSL version 0.9.6. Just about nobody was using it, it had no AES, and it hasn't seen any security patches since 2004. o Minor features: - Clients now hold circuitless TLS connections open for 1.5 times MaxCircuitDirtiness (15 minutes), since it is likely that they'll rebuild a new circuit over them within that timeframe. Previously, they held them open only for KeepalivePeriod (5 minutes). - Use "If-Modified-Since" to avoid retrieving consensus networkstatuses that we already have. - When we have no consensus, check FallbackNetworkstatusFile (defaults to $PREFIX/share/tor/fallback-consensus) for a consensus. This way we start knowing some directory caches. - When we receive a consensus from the future, warn about skew. - Improve skew reporting: try to give the user a better log message about how skewed they are, and how much this matters. - When we have a certificate for an authority, believe that certificate's claims about the authority's IP address. - New --quiet command-line option to suppress the default console log. Good in combination with --hash-password. - Authorities send back an X-Descriptor-Not-New header in response to an accepted-but-discarded descriptor upload. Partially implements fix for bug 535. - Make the log message for "tls error. breaking." more useful. - Better log messages about certificate downloads, to attempt to track down the second incarnation of bug 546. o Minor features (bridges): - If bridge users set UpdateBridgesFromAuthority, but the digest they ask for is a 404 from the bridge authority, they now fall back to trying the bridge directly. - Bridges now use begin_dir to publish their server descriptor to the bridge authority, even when they haven't set TunnelDirConns. o Minor features (controller): - When reporting clock skew, and we know that the clock is _at least as skewed_ as some value, but we don't know the actual value, report the value as a "minimum skew." o Utilities: - Update linux-tor-prio.sh script to allow QoS based on the uid of the Tor process. Patch from Marco Bonetti with tweaks from Mike Perry. o Minor bugfixes: - Refuse to start if both ORPort and UseBridges are set. Bugfix on 0.2.0.x, suggested by Matt Edman. - Don't stop fetching descriptors when FetchUselessDescriptors is set, even if we stop asking for circuits. Bugfix on 0.1.2.x; reported by tup and ioerror. - Better log message on vote from unknown authority. - Don't log "Launching 0 request for 0 router" message. o Minor bugfixes (memory leaks): - Stop leaking memory every time we parse a v3 certificate. Bugfix on 0.2.0.1-alpha. - Stop leaking memory every time we load a v3 certificate. Bugfix on 0.2.0.1-alpha. Fixes Bug 536. - Stop leaking a cached networkstatus on exit. Bugfix on 0.2.0.3-alpha. - Stop leaking voter information every time we free a consensus. Bugfix on 0.2.0.3-alpha. - Stop leaking signed data every time we check a voter signature. Bugfix on 0.2.0.3-alpha. - Stop leaking a signature every time we fail to parse a consensus or a vote. Bugfix on 0.2.0.3-alpha. - Stop leaking v2_download_status_map on shutdown. Bugfix on 0.2.0.9-alpha. - Stop leaking conn->nickname every time we make a connection to a Tor relay without knowing its expected identity digest (e.g. when using bridges). Bugfix on 0.2.0.3-alpha. - Minor bugfixes (portability): - Run correctly on platforms where rlim_t is larger than unsigned long, and/or where the real limit for number of open files is OPEN_FILES, not rlim_max from getrlimit(RLIMIT_NOFILES). In particular, these may be needed for OS X 10.5.
Description: Digital signature