Tor 0.2.1.5-alpha moves us closer to handling IPv6 destinations, puts in a lot of the infrastructure for adding authorization to hidden services, lays the groundwork for having clients read their load balancing information out of the networkstatus consensus rather than the individual router descriptors, addresses two potential anonymity issues, and fixes a variety of smaller issues.

This development release has a known bug when you configure it to use bridge relays; we recommend that bridge users wait for the next release.

https://www.torproject.org/download.html.en

Changes in version 0.2.1.5-alpha - 2008-08-31
  o Major features:
    - Convert many internal address representations to optionally hold
      IPv6 addresses.
    - Generate and accept IPv6 addresses in many protocol elements.
    - Make resolver code handle nameservers located at ipv6 addresses.
    - Begin implementation of proposal 121 ("Client authorization for
      hidden services"): configure hidden services with client
      authorization, publish descriptors for them, and configure
      authorization data for hidden services at clients. The next
      step is to actually access hidden services that perform client
      authorization.
    - More progress toward proposal 141: Network status consensus
      documents and votes now contain bandwidth information for each
      router and a summary of that router's exit policy. Eventually this
      will be used by clients so that they do not have to download every
      known descriptor before building circuits.

  o Major bugfixes (on 0.2.0.x and before):
    - When sending CREATED cells back for a given circuit, use a 64-bit
      connection ID to find the right connection, rather than an addr:port
      combination. Now that we can have multiple OR connections between
      the same ORs, it is no longer possible to use addr:port to uniquely
      identify a connection.
    - Relays now reject risky extend cells: if the extend cell includes
      a digest of all zeroes, or asks to extend back to the relay that
      sent the extend cell, tear down the circuit. Ideas suggested
      by rovv.
    - If not enough of our entry guards are available so we add a new
      one, we might use the new one even if it overlapped with the
      current circuit's exit relay (or its family). Anonymity bugfix
      pointed out by rovv.

  o Minor bugfixes:
    - Recover 3-7 bytes that were wasted per memory chunk. Fixes bug
      794; bug spotted by rovv. Bugfix on 0.2.0.1-alpha.
    - When using the TransPort option on OpenBSD, and using the User
      option to change UID and drop privileges, make sure to open
      /dev/pf before dropping privileges. Fixes bug 782. Patch from
      Christopher Davis. Bugfix on 0.1.2.1-alpha.
    - Correctly detect the presence of the linux/netfilter_ipv4.h header
      when building against recent kernels. Bugfix on 0.1.2.1-alpha.
    - Add a missing safe_str() call for a debug log message.
    - Use 64 bits instead of 32 bits for connection identifiers used with
      the controller protocol, to greatly reduce risk of identifier reuse.
    - Make the autoconf script accept the obsolete --with-ssl-dir
      option as an alias for the actually-working --with-openssl-dir
      option. Fix the help documentation to recommend --with-openssl-dir.
      Based on a patch by "Dave". Bugfix on 0.2.0.1-alpha.

  o Minor features:
    - Rate-limit too-many-sockets messages: when they happen, they happen
      a lot. Resolves bug 748.
    - Resist DNS poisoning a little better by making sure that names in
      answer sections match.
    - Print the SOCKS5 error message string as well as the error code
      when a tor-resolve request fails. Patch from Jacob.
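The two relay-side checks on extend cells listed under the major bugfixes, as an added C sketch that is not Tor's own code. It assumes the original (TAP) EXTEND payload layout; `check_extend`, its verdict names and the `prev_hop_digest` parameter are hypothetical, and the length check is an extra sanity step the changelog does not mention.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Assumed TAP-era EXTEND payload layout: IPv4 address (4), port (2),
 * onion skin (186), identity digest of the next relay (20). */
#define ID_OFFSET   (4 + 2 + 186)
#define DIGEST_LEN  20
#define EXTEND_LEN  (ID_OFFSET + DIGEST_LEN)

enum extend_verdict {
  EXTEND_OK = 0,
  EXTEND_TRUNCATED,    /* payload too short to hold every field */
  EXTEND_ZERO_DIGEST,  /* no identity given for the next hop */
  EXTEND_BACK_TO_PREV  /* next hop is the relay that sent the cell */
};

/* Return nonzero if every byte of the digest is zero. */
static int digest_is_zero(const uint8_t *d)
{
  uint8_t acc = 0;
  for (size_t i = 0; i < DIGEST_LEN; i++)
    acc |= d[i];
  return acc == 0;
}

/* Classify an EXTEND payload. prev_hop_digest (hypothetical parameter) is
 * the identity digest of the connection the cell arrived on, or NULL if
 * there is none. Any verdict but EXTEND_OK means: tear down the circuit. */
enum extend_verdict check_extend(const uint8_t *payload, size_t len,
                                 const uint8_t *prev_hop_digest)
{
  if (payload == NULL || len < EXTEND_LEN)
    return EXTEND_TRUNCATED;
  const uint8_t *id = payload + ID_OFFSET;
  if (digest_is_zero(id))
    return EXTEND_ZERO_DIGEST;
  if (prev_hop_digest && memcmp(id, prev_hop_digest, DIGEST_LEN) == 0)
    return EXTEND_BACK_TO_PREV;
  return EXTEND_OK;
}

int main(void)
{
  uint8_t cell[EXTEND_LEN] = {0}, prev[DIGEST_LEN];  /* constructed input */
  memset(prev, 0xAA, sizeof prev);
  printf("zero digest: %d\n", check_extend(cell, sizeof cell, prev));
  memcpy(cell + ID_OFFSET, prev, DIGEST_LEN);
  printf("back to sender: %d\n", check_extend(cell, sizeof cell, prev));
}
```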