Tor 0.2.1.5-alpha moves us closer to handling IPv6 destinations, puts in a lot of the infrastructure for adding authorization to hidden services, lays the groundwork for having clients read their load balancing information out of the networkstatus consensus rather than the individual router descriptors, addresses two potential anonymity issues, and fixes a variety of smaller issues. This development release has a known bug when you configure it to use bridge relays; we recommend that bridge users wait for the next release. https://www.torproject.org/download.html.en Changes in version 0.2.1.5-alpha - 2008-08-31 o Major features: - Convert many internal address representations to optionally hold IPv6 addresses. - Generate and accept IPv6 addresses in many protocol elements. - Make resolver code handle nameservers located at ipv6 addresses. - Begin implementation of proposal 121 ("Client authorization for hidden services"): configure hidden services with client authorization, publish descriptors for them, and configure authorization data for hidden services at clients. The next step is to actually access hidden services that perform client authorization. - More progress toward proposal 141: Network status consensus documents and votes now contain bandwidth information for each router and a summary of that router's exit policy. Eventually this will be used by clients so that they do not have to download every known descriptor before building circuits. o Major bugfixes (on 0.2.0.x and before): - When sending CREATED cells back for a given circuit, use a 64-bit connection ID to find the right connection, rather than an addr:port combination. Now that we can have multiple OR connections between the same ORs, it is no longer possible to use addr:port to uniquely identify a connection. - Relays now reject risky extend cells: if the extend cell includes a digest of all zeroes, or asks to extend back to the relay that sent the extend cell, tear down the circuit. Ideas suggested by rovv. - If not enough of our entry guards are available so we add a new one, we might use the new one even if it overlapped with the current circuit's exit relay (or its family). Anonymity bugfix pointed out by rovv. o Minor bugfixes: - Recover 3-7 bytes that were wasted per memory chunk. Fixes bug 794; bug spotted by rovv. Bugfix on 0.2.0.1-alpha. - When using the TransPort option on OpenBSD, and using the User option to change UID and drop privileges, make sure to open /dev/pf before dropping privileges. Fixes bug 782. Patch from Christopher Davis. Bugfix on 0.1.2.1-alpha. - Correctly detect the presence of the linux/netfilter_ipv4.h header when building against recent kernels. Bugfix on 0.1.2.1-alpha. - Add a missing safe_str() call for a debug log message. - Use 64 bits instead of 32 bits for connection identifiers used with the controller protocol, to greatly reduce risk of identifier reuse. - Make the autoconf script accept the obsolete --with-ssl-dir option as an alias for the actually-working --with-openssl-dir option. Fix the help documentation to recommend --with-openssl-dir. Based on a patch by "Dave". Bugfix on 0.2.0.1-alpha. o Minor features: - Rate-limit too-many-sockets messages: when they happen, they happen a lot. Resolves bug 748. - Resist DNS poisoning a little better by making sure that names in answer sections match. - Print the SOCKS5 error message string as well as the error code when a tor-resolve request fails. Patch from Jacob.
Description: Digital signature