Tor 0.2.2.16-alpha fixes a variety of old stream fairness bugs (most
evident at exit relays), and also continues to resolve all the little
bugs that have been filling up trac lately.
https://www.torproject.org/download.html.en
Packages will be appearing over the next few days or weeks (except
on Windows, which apparently doesn't build -- stay tuned for an
0.2.2.17-alpha in that case).
Changes in version 0.2.2.16-alpha - 2010-09-17
o Major bugfixes (stream-level fairness):
- When receiving a circuit-level SENDME for a blocked circuit, try
to package cells fairly from all the streams that had previously
been blocked on that circuit. Previously, we had started with the
oldest stream, and allowed each stream to potentially exhaust
the circuit's package window. This gave older streams on any
given circuit priority over newer ones. Fixes bug 1937. Detected
originally by Camilo Viecco. This bug was introduced before the
first Tor release, in svn commit r152: it is the new winner of
the longest-lived bug prize.
- When the exit relay got a circuit-level sendme cell, it started
reading on the exit streams, even if had 500 cells queued in the
circuit queue already, so the circuit queue just grew and grew in
some cases. We fix this by not re-enabling reading on receipt of a
sendme cell when the cell queue is blocked. Fixes bug 1653. Bugfix
on 0.2.0.1-alpha. Detected by Mashael AlSabah. Original patch by
"yetonetime".
- Newly created streams were allowed to read cells onto circuits,
even if the circuit's cell queue was blocked and waiting to drain.
This created potential unfairness, as older streams would be
blocked, but newer streams would gladly fill the queue completely.
We add code to detect this situation and prevent any stream from
getting more than one free cell. Bugfix on 0.2.0.1-alpha. Partially
fixes bug 1298.
o Minor features:
- Update to the September 1 2010 Maxmind GeoLite Country database.
- Warn when CookieAuthFileGroupReadable is set but CookieAuthFile is
not. This would lead to a cookie that is still not group readable.
Closes bug 1843. Suggested by katmagic.
- When logging a rate-limited warning, we now mention how many messages
got suppressed since the last warning.
- Add new "perconnbwrate" and "perconnbwburst" consensus params to
do individual connection-level rate limiting of clients. The torrc
config options with the same names trump the consensus params, if
both are present. Replaces the old "bwconnrate" and "bwconnburst"
consensus params which were broken from 0.2.2.7-alpha through
0.2.2.14-alpha. Closes bug 1947.
- When a router changes IP address or port, authorities now launch
a new reachability test for it. Implements ticket 1899.
- Make the formerly ugly "2 unknown, 7 missing key, 0 good, 0 bad,
2 no signature, 4 required" messages about consensus signatures
easier to read, and make sure they get logged at the same severity
as the messages explaining which keys are which. Fixes bug 1290.
- Don't warn when we have a consensus that we can't verify because
of missing certificates, unless those certificates are ones
that we have been trying and failing to download. Fixes bug 1145.
- If you configure your bridge with a known identity fingerprint,
and the bridge authority is unreachable (as it is in at least
one country now), fall back to directly requesting the descriptor
from the bridge. Finishes the feature started in 0.2.0.10-alpha;
closes bug 1138.
- When building with --enable-gcc-warnings on OpenBSD, disable
warnings in system headers. This makes --enable-gcc-warnings
pass on OpenBSD 4.8.
o Minor bugfixes (on 0.2.1.x and earlier):
- Authorities will now attempt to download consensuses if their
own efforts to make a live consensus have failed. This change
means authorities that restart will fetch a valid consensus, and
it means authorities that didn't agree with the current consensus
will still fetch and serve it if it has enough signatures. Bugfix
on 0.2.0.9-alpha; fixes bug 1300.
- Ensure DNS requests launched by "RESOLVE" commands from the
controller respect the __LeaveStreamsUnattached setconf options. The
same goes for requests launched via DNSPort or transparent
proxying. Bugfix on 0.2.0.1-alpha; fixes bug 1525.
- Allow handshaking OR connections to take a full KeepalivePeriod
seconds to handshake. Previously, we would close them after
IDLE_OR_CONN_TIMEOUT (180) seconds, the same timeout as if they
were open. Bugfix on 0.2.1.26; fixes bug 1840. Thanks to mingw-san
for analysis help.
- Rate-limit "Failed to hand off onionskin" warnings.
- Never relay a cell for a circuit we have already destroyed.
Between marking a circuit as closeable and finally closing it,
it may have been possible for a few queued cells to get relayed,
even though they would have been immediately dropped by the next
OR in the circuit. Fixes bug 1184; bugfix on 0.2.0.1-alpha.
- Never queue a cell for a circuit that's already been marked
for close.
- Never vote for a server as "Running" if we have a descriptor for
it claiming to be hibernating, and that descriptor was published
more recently than our last contact with the server. Bugfix on
0.2.0.3-alpha; fixes bug 911.
- Squash a compile warning on OpenBSD. Reported by Tas; fixes
bug 1848.
o Minor bugfixes (on 0.2.2.x):
- Fix a regression introduced in 0.2.2.7-alpha that marked relays
down if a directory fetch fails and you've configured either
bridges or EntryNodes. The intent was to mark the relay as down
_unless_ you're using bridges or EntryNodes, since if you are
then you could quickly run out of entry points.
- Fix the Windows directory-listing code. A bug introduced in
0.2.2.14-alpha could make Windows directory servers forget to load
some of their cached v2 networkstatus files.
- Really allow clients to use relays as bridges. Fixes bug 1776;
bugfix on 0.2.2.15-alpha.
- Demote a warn to info that happens when the CellStatistics option
was just enabled. Bugfix on 0.2.2.15-alpha; fixes bug 1921.
Reported by Moritz Bartl.
- On Windows, build correctly either with or without Unicode support.
This is necessary so that Tor can support fringe platforms like
Windows 98 (which has no Unicode), or Windows CE (which has no
non-Unicode). Bugfix on 0.2.2.14-alpha; fixes bug 1797.
o Testing
- Add a unit test for cross-platform directory-listing code.
Attachment:
signature.asc
Description: Digital signature