Tor 0.2.2.1-alpha disables ".exit" address notation by default, allows
Tor clients to bootstrap on networks where only port 80 is reachable,
makes it more straightforward to support hardware crypto accelerators,
and starts the groundwork for gathering stats safely at relays.
https://www.torproject.org/download.html.en
We've been improving our packages and bundles:
o Packaging changes:
- Upgrade Vidalia from 0.1.15 to 0.2.3 in the Windows and OS X
installer bundles. See
https://trac.vidalia-project.net/browser/vidalia/tags/vidalia-0.2.3/CHANGELOG
for details of what's new in Vidalia 0.2.3.
- Windows Vidalia Bundle: update Privoxy from 3.0.6 to 3.0.14-beta.
- OS X Vidalia Bundle: move to Polipo 1.0.4 with Tor specific
configuration file, rather than the old Privoxy.
- OS X Vidalia Bundle: Vidalia, Tor, and Polipo are compiled as
x86-only for better compatibility with OS X 10.6, aka Snow Leopard.
- OS X Tor Expert Bundle: Tor is compiled as x86-only for
better compatibility with OS X 10.6, aka Snow Leopard.
- OS X Vidalia Bundle: The multi-package installer is now replaced
by a simple drag and drop to the /Applications folder. This change
occurred with the upgrade to Vidalia 0.2.3.
Changes in version 0.2.2.1-alpha - 2009-08-26
o Security fixes:
- Start the process of disabling ".exit" address notation, since it
can be used for a variety of esoteric application-level attacks
on users. To reenable it, set "AllowDotExit 1" in your torrc. Fix
on 0.0.9rc5.
o New directory authorities:
- Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
authority.
o Major features:
- New AccelName and AccelDir options add support for dynamic OpenSSL
hardware crypto acceleration engines.
- Tor now supports tunneling all of its outgoing connections over
a SOCKS proxy, using the SOCKS4Proxy and/or SOCKS5Proxy
configuration options. Code by Christopher Davis.
o Major bugfixes:
- Send circuit or stream sendme cells when our window has decreased
by 100 cells, not when it has decreased by 101 cells. Bug uncovered
by Karsten when testing the "reduce circuit window" performance
patch. Bugfix on the 54th commit on Tor -- from July 2002,
before the release of Tor 0.0.0. This is the new winner of the
oldest-bug prize.
o New options for gathering stats safely:
- Directories that set "DirReqStatistics 1" write statistics on
directory request to disk every 24 hours. As compared to the
--enable-geoip-stats flag in 0.2.1.x, there are a few improvements:
1) stats are written to disk exactly every 24 hours; 2) estimated
shares of v2 and v3 requests are determined as mean values, not at
the end of a measurement period; 3) unresolved requests are listed
with country code '??'; 4) directories also measure download times.
- Exit nodes that set "ExitPortStatistics 1" write statistics on the
number of exit streams and transferred bytes per port to disk every
24 hours.
- Relays that set "CellStatistics 1" write statistics on how long
cells spend in their circuit queues to disk every 24 hours.
- Entry nodes that set "EntryStatistics 1" write statistics on the
rough number and origins of connecting clients to disk every 24
hours.
- Relays that write any of the above statistics to disk and set
"ExtraInfoStatistics 1" include the past 24 hours of statistics in
their extra-info documents.
o Minor features:
- New --digests command-line switch to output the digests of the
source files Tor was built with.
- The "torify" script now uses torsocks where available.
- The memarea code now uses a sentinel value at the end of each area
to make sure nothing writes beyond the end of an area. This might
help debug some conceivable causes of bug 930.
- Time and memory units in the configuration file can now be set to
fractional units. For example, "2.5 GB" is now a valid value for
AccountingMax.
- Certain Tor clients (such as those behind check.torproject.org) may
want to fetch the consensus in an extra early manner. To enable this
a user may now set FetchDirInfoExtraEarly to 1. This also depends on
setting FetchDirInfoEarly to 1. Previous behavior will stay the same
as only certain clients who must have this information sooner should
set this option.
- Instead of adding the svn revision to the Tor version string, report
the git commit (when we're building from a git checkout).
o Minor bugfixes:
- If any the v3 certs we download are unparseable, we should actually
notice the failure so we don't retry indefinitely. Bugfix on
0.2.0.x; reported by "rotator".
- If the cached cert file is unparseable, warn but don't exit.
- Fix possible segmentation fault on directory authorities. Bugfix on
0.2.1.14-rc.
- When Tor fails to parse a descriptor of any kind, dump it to disk.
Might help diagnosing bug 1051.
o Deprecated and removed features:
- The controller no longer accepts the old obsolete "addr-mappings/"
or "unregistered-servers-" GETINFO values.
- Hidden services no longer publish version 0 descriptors, and clients
do not request or use version 0 descriptors. However, the old hidden
service authorities still accept and serve version 0 descriptors
when contacted by older hidden services/clients.
- The EXTENDED_EVENTS and VERBOSE_NAMES controller features are now
always on; using them is necessary for correct forward-compatible
controllers.
- Remove support for .noconnect style addresses. Nobody was using
them, and they provided another avenue for detecting Tor users
via application-level web tricks.
Attachment:
signature.asc
Description: Digital signature