This ninth development snapshot switches clients to the new v3 directory
system; allows servers to be listed in the network status even when they
have the same nickname as a registered server; and fixes many other bugs
including a big one that was causing some servers to disappear from the
network status lists for a few hours each day.
We've added Torbutton to the OS X bundles, so now the Windows and OS X
bundles include the new development Torbutton version 1.1.9.1. Bundle
users are encouraged to back up their Firefox settings before upgrading.
We also modified the default Privoxy config files in the bundles to
avoid some security problems, so make sure to leave "install Privoxy"
checked when you upgrade.
And last, we have a new URL:
https://www.torproject.org/download.html
Changes in version 0.2.0.9-alpha - 2007-10-24
o Major features (directory system):
- Clients now download v3 consensus networkstatus documents instead
of v2 networkstatus documents. Clients and caches now base their
opinions about routers on these consensus documents. Clients only
download router descriptors listed in the consensus.
- Authorities now list servers who have the same nickname as
a different named server, but list them with a new flag,
"Unnamed". Now we can list servers that happen to pick the same
nickname as a server that registered two years ago and then
disappeared. Partially implements proposal 122.
- If the consensus list a router as "Unnamed", the name is assigned
to a different router: do not identify the router by that name.
Partially implements proposal 122.
- Authorities can now come to a consensus on which method to use to
compute the consensus. This gives us forward compatibility.
o Major bugfixes:
- Stop publishing a new server descriptor just because we HUP or
when we find our DirPort to be reachable but won't actually publish
it. New descriptors without any real changes are dropped by the
authorities, and can screw up our "publish every 18 hours" schedule.
Bugfix on 0.1.2.x.
- When a router wasn't listed in a new networkstatus, we were leaving
the flags for that router alone -- meaning it remained Named,
Running, etc -- even though absence from the networkstatus means
that it shouldn't be considered to exist at all anymore. Now we
clear all the flags for routers that fall out of the networkstatus
consensus. Fixes bug 529; bugfix on 0.1.2.x.
- Fix awful behavior in DownloadExtraInfo option where we'd fetch
extrainfo documents and then discard them immediately for not
matching the latest router. Bugfix on 0.2.0.1-alpha.
o Minor features (v3 directory protocol):
- Allow tor-gencert to generate a new certificate without replacing
the signing key.
- Allow certificates to include an address.
- When we change our directory-cache settings, reschedule all voting
and download operations.
- Reattempt certificate downloads immediately on failure, as long as
we haven't failed a threshold number of times yet.
- Delay retrying consensus downloads while we're downloading
certificates to verify the one we just got. Also, count getting a
consensus that we already have (or one that isn't valid) as a failure,
and count failing to get the certificates after 20 minutes as a
failure.
- Build circuits and download descriptors even if our consensus is a
little expired. (This feature will go away once authorities are
more reliable.)
o Minor features (router descriptor cache):
- If we find a cached-routers file that's been sitting around for more
than 28 days unmodified, then most likely it's a leftover from
when we upgraded to 0.2.0.8-alpha. Remove it. It has no good
routers anyway.
- When we (as a cache) download a descriptor because it was listed
in a consensus, remember when the consensus was supposed to expire,
and don't expire the descriptor until then.
o Minor features (performance):
- Call routerlist_remove_old_routers() much less often. This should
speed startup, especially on directory caches.
- Don't try to launch new descriptor downloads quite so often when we
already have enough directory information to build circuits.
- Base64 decoding was actually showing up on our profile when parsing
the initial descriptor file; switch to an in-process all-at-once
implementation that's about 3.5x times faster than calling out to
OpenSSL.
o Minor features (compilation):
- Detect non-ASCII platforms (if any still exist) and refuse to
build there: some of our code assumes that 'A' is 65 and so on.
o Minor bugfixes (v3 directory authorities, bugfixes on 0.2.0.x):
- Make the "next period" votes into "current period" votes immediately
after publishing the consensus; avoid a heisenbug that made them
stick around indefinitely.
- When we discard a vote as a duplicate, do not report this as
an error.
- Treat missing v3 keys or certificates as an error when running as a
v3 directory authority.
- When we're configured to be a v3 authority, but we're only listed
as a non-v3 authority in our DirServer line for ourself, correct
the listing.
- If an authority doesn't have a qualified hostname, just put
its address in the vote. This fixes the problem where we referred to
"moria on moria:9031."
- Distinguish between detached signatures for the wrong period, and
detached signatures for a divergent vote.
- Fix a small memory leak when computing a consensus.
- When there's no concensus, we were forming a vote every 30
minutes, but writing the "valid-after" line in our vote based
on our configured V3AuthVotingInterval: so unless the intervals
matched up, we immediately rejected our own vote because it didn't
start at the voting interval that caused us to construct a vote.
o Minor bugfixes (v3 directory protocol, bugfixes on 0.2.0.x):
- Delete unverified-consensus when the real consensus is set.
- Consider retrying a consensus networkstatus fetch immediately
after one fails: don't wait 60 seconds to notice.
- When fetching a consensus as a cache, wait until a newer consensus
should exist before trying to replace the current one.
- Use a more forgiving schedule for retrying failed consensus
downloads than for other types.
o Minor bugfixes (other directory issues):
- Correct the implementation of "download votes by digest." Bugfix on
0.2.0.8-alpha.
- Authorities no longer send back "400 you're unreachable please fix
it" errors to Tor servers that aren't online all the time. We're
supposed to tolerate these servers now. Bugfix on 0.1.2.x.
o Minor bugfixes (controller):
- Don't reset trusted dir server list when we set a configuration
option. Patch from Robert Hogan; bugfix on 0.1.2.x.
- Respond to INT and TERM SIGNAL commands before we execute the
signal, in case the signal shuts us down. We had a patch in
0.1.2.1-alpha that tried to do this by queueing the response on
the connection's buffer before shutting down, but that really
isn't the same thing at all. Bug located by Matt Edman.
o Minor bugfixes (misc):
- Correctly check for bad options to the "PublishServerDescriptor"
config option. Bugfix on 0.2.0.1-alpha; reported by Matt Edman.
- Stop leaking memory on failing case of base32_decode, and make
it accept upper-case letters. Bugfixes on 0.2.0.7-alpha.
- Don't try to download extrainfo documents when we're trying to
fetch enough directory info to build a circuit: having enough
info should get priority. Bugfix on 0.2.0.x.
- Don't complain that "your server has not managed to confirm that its
ports are reachable" if we haven't been able to build any circuits
yet. Bug found by spending four hours without a v3 consensus. Bugfix
on 0.1.2.x.
- Detect the reason for failing to mmap a descriptor file we just
wrote, and give a more useful log message. Fixes bug 533. Bugfix
on 0.1.2.x.
o Code simplifications and refactoring:
- Remove support for the old bw_accounting file: we've been storing
bandwidth accounting information in the state file since
0.1.2.5-alpha. This may result in bandwidth accounting errors
if you try to upgrade from 0.1.1.x or earlier, or if you try to
downgrade to 0.1.1.x or earlier.
- New convenience code to locate a file within the DataDirectory.
- Move non-authority functionality out of dirvote.c.
- Refactor the arguments for router_pick_{directory_|trusteddir}server
so that they all take the same named flags.
o Utilities
- Include the "tor-ctrl.sh" bash script by Stefan Behte to provide
Unix users an easy way to script their Tor process (e.g. by
adjusting bandwidth based on the time of the day).
Attachment:
signature.asc
Description: Digital signature