mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 15:43:32 +01:00
fold in changes for 0.2.4.10-alpha
This commit is contained in:
parent
12f2d986f3
commit
03bdb4d5ce
138
ChangeLog
138
ChangeLog
@ -1,4 +1,140 @@
|
|||||||
Changes in version 0.2.4.10-alpha - 2013-0?-??
|
Changes in version 0.2.4.10-alpha - 2013-02-04
|
||||||
|
Tor 0.2.4.10-alpha adds defenses at the directory authority level from
|
||||||
|
certain attacks that flood the network with relays; changes the queue
|
||||||
|
for circuit create requests from a sized-based limit to a time-based
|
||||||
|
limit; resumes building with MSVC on Windows; and fixes a wide variety
|
||||||
|
of other issues.
|
||||||
|
|
||||||
|
o Major bugfixes (directory authority):
|
||||||
|
- When computing directory thresholds, ignore any rejected-as-sybil
|
||||||
|
nodes during the computation so that they can't influence Fast,
|
||||||
|
Guard, etc. (We shoud have done this for proposal 109.) Fixes
|
||||||
|
bug 8146.
|
||||||
|
- When marking a node as a likely sybil, reset its uptime metrics
|
||||||
|
to zero, so that it cannot time towards getting marked as Guard,
|
||||||
|
Stable, or HSDir. (We shoud have done this for proposal 109.) Fixes
|
||||||
|
bug 8147.
|
||||||
|
|
||||||
|
o Major bugfixes:
|
||||||
|
- When a TLS write is partially successful but incomplete, remember
|
||||||
|
that the flushed part has been flushed, and notice that bytes were
|
||||||
|
actually written. Reported and fixed pseudonymously. Fixes bug
|
||||||
|
7708; bugfix on Tor 0.1.0.5-rc.
|
||||||
|
- Reject bogus create and relay cells with 0 circuit ID or 0 stream
|
||||||
|
ID: these could be used to create unexpected streams and circuits
|
||||||
|
which would count as "present" to some parts of Tor but "absent"
|
||||||
|
to others, leading to zombie circuits and streams or to a bandwidth
|
||||||
|
denial-of-service. Fixes bug 7889; bugfix on every released version
|
||||||
|
of Tor. Reported by "oftc_must_be_destroyed".
|
||||||
|
- Rename all macros in our local copy of queue.h to begin with "TOR_".
|
||||||
|
This change seems the only good way to permanently prevent conflicts
|
||||||
|
with queue.h on various operating systems. Fixes bug 8107; bugfix
|
||||||
|
on 0.2.4.6-alpha.
|
||||||
|
|
||||||
|
o Major features (relay):
|
||||||
|
- Instead of limiting the number of queued onionskins (aka circuit
|
||||||
|
create requests) to a fixed, hard-to-configure number, we limit
|
||||||
|
the size of the queue based on how many we expect to be able to
|
||||||
|
process in a given amount of time. We estimate the time it will
|
||||||
|
take to process an onionskin based on average processing time
|
||||||
|
of previous onionskins. Closes ticket 7291. You'll never have to
|
||||||
|
configure MaxOnionsPending again.
|
||||||
|
|
||||||
|
o Major features (portability):
|
||||||
|
- Resume building correctly with MSVC and Makefile.nmake. This patch
|
||||||
|
resolves numerous bugs and fixes reported by ultramage, including
|
||||||
|
7305, 7308, 7309, 7310, 7312, 7313, 7315, 7316, and 7669.
|
||||||
|
- Make the ntor and curve25519 code build correctly with MSVC.
|
||||||
|
Fix on 0.2.4.8-alpha.
|
||||||
|
|
||||||
|
o Minor features:
|
||||||
|
- When directory authorities are computing thresholds for flags,
|
||||||
|
never let the threshold for the Fast flag fall below 4096
|
||||||
|
bytes. Also, do not consider nodes with extremely low bandwidths
|
||||||
|
when deciding thresholds for various directory flags. This change
|
||||||
|
should raise our threshold for Fast relays, possibly in turn
|
||||||
|
improving overall network performance; see ticket 1854. Resolves
|
||||||
|
ticket 8145.
|
||||||
|
- The Tor client now ignores sub-domain components of a .onion
|
||||||
|
address. This change makes HTTP "virtual" hosting
|
||||||
|
possible: http://foo.aaaaaaaaaaaaaaaa.onion/ and
|
||||||
|
http://bar.aaaaaaaaaaaaaaaa.onion/ can be two different websites
|
||||||
|
hosted on the same hidden service. Implements proposal 204.
|
||||||
|
- We compute the overhead from passing onionskins back and forth to
|
||||||
|
cpuworkers, and report it when dumping statistics in response to
|
||||||
|
SIGUSR1. Supports ticket 7291.
|
||||||
|
|
||||||
|
o Minor features (path selection):
|
||||||
|
- When deciding whether we have enough descriptors to build circuits,
|
||||||
|
instead of looking at raw relay counts, look at which fraction
|
||||||
|
of (bandwidth-weighted) paths we're able to build. This approach
|
||||||
|
keeps clients from building circuits if their paths are likely to
|
||||||
|
stand out statistically. The default fraction of paths needed is
|
||||||
|
taken from the consensus directory; you can override it with the
|
||||||
|
new PathsNeededToBuildCircuits option. Fixes ticket 5956.
|
||||||
|
- When any country code is listed in ExcludeNodes or ExcludeExitNodes,
|
||||||
|
and we have GeoIP information, also exclude all nodes with unknown
|
||||||
|
countries "??" and "A1". This behavior is controlled by the
|
||||||
|
new GeoIPExcludeUnknown option: you can make such nodes always
|
||||||
|
excluded with "GeoIPExcludeUnknown 1", and disable the feature
|
||||||
|
with "GeoIPExcludeUnknown 0". Setting "GeoIPExcludeUnknown auto"
|
||||||
|
gets you the default behavior. Implements feature 7706.
|
||||||
|
- Path Use Bias: Perform separate accounting for successful circuit
|
||||||
|
use. Keep separate statistics on stream attempt rates versus stream
|
||||||
|
success rates for each guard. Provide configurable thresholds to
|
||||||
|
determine when to emit log messages or disable use of guards that
|
||||||
|
fail too many stream attempts. Resolves ticket 7802.
|
||||||
|
|
||||||
|
o Minor features (log messages):
|
||||||
|
- When learning a fingerprint for a bridge, log its corresponding
|
||||||
|
transport type. Implements ticket 7896.
|
||||||
|
- Improve the log message when "Bug/attack: unexpected sendme cell
|
||||||
|
from client" occurs, to help us track bug 8093.
|
||||||
|
|
||||||
|
o Minor bugfixes:
|
||||||
|
- Remove a couple of extraneous semicolons that were upsetting the
|
||||||
|
cparser library. Patch by Christian Grothoff. Fixes bug 7115;
|
||||||
|
bugfix on 0.2.2.1-alpha.
|
||||||
|
- Remove a source of rounding error during path bias count scaling;
|
||||||
|
don't count cannibalized circuits as used for path bias until we
|
||||||
|
actually try to use them; and fix a circuit_package_relay_cell()
|
||||||
|
warning message about n_chan==NULL. Fixes bug 7802.
|
||||||
|
- Detect nacl when its headers are in a nacl/ subdirectory. Also,
|
||||||
|
actually link against nacl when we're configured to use it. Fixes
|
||||||
|
bug 7972; bugfix on 0.2.4.8-alpha.
|
||||||
|
- Compile correctly with the --disable-curve25519 option. Fixes
|
||||||
|
bug 8153; bugfix on 0.2.4.8-alpha.
|
||||||
|
|
||||||
|
o Build improvements:
|
||||||
|
- Do not report status verbosely from autogen.sh unless the -v flag
|
||||||
|
is specified. Fixes issue 4664. Patch from Onizuka.
|
||||||
|
- Replace all calls to snprintf() outside of src/ext with
|
||||||
|
tor_snprintf(). Also remove the #define to replace snprintf with
|
||||||
|
_snprintf on Windows; they have different semantics, and all of
|
||||||
|
our callers should be using tor_snprintf() anyway. Fixes bug 7304.
|
||||||
|
- Try to detect if we are ever building on a platform where
|
||||||
|
memset(...,0,...) does not set the value of a double to 0.0. Such
|
||||||
|
platforms are permitted by the C standard, though in practice
|
||||||
|
they're pretty rare (since IEEE 754 is nigh-ubiquitous). We don't
|
||||||
|
currently support them, but it's better to detect them and fail
|
||||||
|
than to perform erroneously.
|
||||||
|
|
||||||
|
o Removed features:
|
||||||
|
- Stop exporting estimates of v2 and v3 directory traffic shares
|
||||||
|
in extrainfo documents. They were unneeded and sometimes inaccurate.
|
||||||
|
Also stop exporting any v2 directory request statistics. Resolves
|
||||||
|
ticket 5823.
|
||||||
|
- Drop support for detecting and warning about versions of Libevent
|
||||||
|
before 1.3e. Nothing reasonable ships with them any longer;
|
||||||
|
warning the user about them shouldn't be needed. Resolves ticket
|
||||||
|
6826.
|
||||||
|
|
||||||
|
o Code simplifications and refactoring:
|
||||||
|
- Rename "isin" functions to "contains", for grammar. Resolves
|
||||||
|
ticket 5285.
|
||||||
|
- Rename Tor's logging function log() to tor_log(), to avoid conflicts
|
||||||
|
with the natural logarithm function from the system libm. Resolves
|
||||||
|
ticket 7599.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.4.9-alpha - 2013-01-15
|
Changes in version 0.2.4.9-alpha - 2013-01-15
|
||||||
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features (build):
|
|
||||||
- Do not report status verbosely from autogen.sh unless the -v flag
|
|
||||||
is specified. Fixes issue 4664. Patch from Onizuka.
|
|
||||||
|
|
@ -1,7 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Replace all calls to snprintf outside of src/ext with tor_snprintf.
|
|
||||||
Fix for bug 7304.
|
|
||||||
o Code simplification and refactoring:
|
|
||||||
- Remove the #define to replace snprintf with _snprintf on windows;
|
|
||||||
they have different semantics, and all of our callers should be
|
|
||||||
using tor_snprintf anyway. Partial fix for bug 7304.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Removed featurs:
|
|
||||||
- Stop exporting estimates of v2 and v3 directory traffic shares
|
|
||||||
in extrainfo documents. They were unneeded and sometimes inaccurate.
|
|
||||||
Also stop exporting any v2 directory request statistics. Resolves
|
|
||||||
ticket 5823.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Removed features:
|
|
||||||
- Drop support for detecting and warning about versions of Libevent
|
|
||||||
before 1.3e. Nothing reasonable ships with them any longer;
|
|
||||||
warning the user about them shouldn't be needed. Resolves ticket
|
|
||||||
6826.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor bugfixes (portability)
|
|
||||||
- Remove a couple of extraneous semicolos that were upsetting the
|
|
||||||
cparser library. Patch by Christian Grothoff. Fixes bug 7115;
|
|
||||||
bugfix on 0.2.2.1-alpha.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Major bugfixes:
|
|
||||||
- When a TLS write is partially successful but incomplete, remember
|
|
||||||
that the flushed part has been flushed, and notice that bytes were
|
|
||||||
actually written. Reported and fixed pseudonymously. Fixes bug
|
|
||||||
7708; bugfix on Tor 0.1.0.5-rc.
|
|
@ -1,11 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Path Use Bias: Perform separate accounting for successful circuit use.
|
|
||||||
Separate statistics on stream attempt versus success rates are kept
|
|
||||||
for each guard. Configurable thresholds are provided to determine
|
|
||||||
when to emit log messages or disable use of guards that fail too
|
|
||||||
many stream attempts.
|
|
||||||
o Minor bugfixes:
|
|
||||||
- Remove a source of rounding error during path bias count scaling.
|
|
||||||
- Don't count cannibalized circuits as used for path bias until we
|
|
||||||
actually try to use them.
|
|
||||||
- Fix circuit_package_relay_cell warning message about n_chan==NULL.
|
|
@ -1,8 +0,0 @@
|
|||||||
o Major bugfixes:
|
|
||||||
- Reject bogus create and relay cells with 0 circuit ID or 0 stream
|
|
||||||
ID: these could be used to create unexpected streams and circuits
|
|
||||||
which would count as "present" to some parts of Tor but "absent"
|
|
||||||
to others, leading to zombie circuits and streams or to a
|
|
||||||
bandwidth DOS. Fixes bug 7889; bugfix on every released version of
|
|
||||||
Tor. Reported by "oftc_must_be_destroyed".
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- When learning a fingerprint for a bridge, log its corresponding
|
|
||||||
transport type. Implements ticket 7896.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Detect nacl when its headers are in a nacl/ subdirectory. Fixes bug
|
|
||||||
7972; bugfix on 0.2.4.8-alpha.
|
|
||||||
- Actually link against nacl when we're configured to use it. Fixes bug
|
|
||||||
7972; bugfix on 0.2.4.8-alpha.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Improve the log message when "Bug/attack: unexpected sendme cell
|
|
||||||
from client" occurs, to help us track bug 8093.
|
|
||||||
|
|
@ -1,13 +0,0 @@
|
|||||||
o Major bugfixes (security, directory authority):
|
|
||||||
- When computing directory thresholds, ignore any rejected-as-sybil
|
|
||||||
nodes during the computation so that they can't influence Fast,
|
|
||||||
Guard, etc. Fixes bug 8146.
|
|
||||||
|
|
||||||
- When computing thresholds for flags, never let the threshold for
|
|
||||||
the Fast flag to 4096 bytes. Fixes bug 8145.
|
|
||||||
- Do not consider nodes with extremely low bandwidths when deciding
|
|
||||||
thresholds for various directory flags. Another fix for 8145.
|
|
||||||
|
|
||||||
- When marking a node as a likely sybil, reset its uptime metrics
|
|
||||||
to zero, so that it cannot time towards getting marked as Guard,
|
|
||||||
Stable, or HSDir. Fix for bug 8147.
|
|
@ -1,3 +0,0 @@
|
|||||||
o Minor bugfixes:
|
|
||||||
- Compile correctly with the --disable-curve25519 option. Fix for
|
|
||||||
bug 8153; bugfix on 0.2.4.8-alpha.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Features (portability):
|
|
||||||
- Build correctly with MSVC and Makefile.nmake. This resolves
|
|
||||||
numerous bugs and fixes reported by ultramage, including 7305,
|
|
||||||
7308, 7309, 7310, 7312, 7313, 7315, 7316, and 7669.
|
|
@ -1,8 +0,0 @@
|
|||||||
o Build improvements (bizarre platform detection):
|
|
||||||
- Try to detect it if we are ever building on a platform where
|
|
||||||
memset(...,0,...) does not set the value of a double to 0.0. Such
|
|
||||||
platforms are permitted by the C standard, though in practice
|
|
||||||
they're pretty rare (since IEEE 754 is nigh-ubiquitous). We don't
|
|
||||||
currently support them, but it's better to detect them and fail
|
|
||||||
than to perform erroneously.
|
|
||||||
|
|
@ -1,8 +0,0 @@
|
|||||||
o Major features:
|
|
||||||
- When deciding whether we have enough descriptors to build circuits,
|
|
||||||
instead of looking at raw circuit counts, look at which fraction of
|
|
||||||
(bandwidth-weighted) paths we're able to build. This approach keeps
|
|
||||||
clients from building circuits if their paths are likely to stand out
|
|
||||||
statistically. The default fraction of paths needed is taken from the
|
|
||||||
consensus directory; you can override it with the new
|
|
||||||
PathsNeededToBuildCircuits option. Fixes issue 5956.
|
|
@ -1,9 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- When any country code is listed in ExcludeNodes or
|
|
||||||
ExcludeExitNodes, and we have GeoIP information, also exclude
|
|
||||||
all nodes with unknown countries ({??} and {A1} if
|
|
||||||
present). This behavior is controlled by the new
|
|
||||||
GeoIPExcludeUnknown option: you can make such nodes always
|
|
||||||
excluded with 'GeoIPExcludeUnknown 1', and disable the feature
|
|
||||||
with 'GeoIPExcludeUnknown 0'. Setting 'GeoIPExcludeUnknown auto'
|
|
||||||
gets you the default behavior. Implements feature 7706.
|
|
@ -1,6 +0,0 @@
|
|||||||
o Build fixes (MSVC):
|
|
||||||
- Correctly define HAVE_EVENT_BASE_LOOPEXIT, since we only build
|
|
||||||
with MSVC when using Libevent 2.0 or later. Fixes bug 7308.
|
|
||||||
Reported by "ultramage".
|
|
||||||
- Make the ntor and curve25519 code build correctly with MSVC.
|
|
||||||
Fix on 0.2.4.8-alpha.
|
|
@ -1,5 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Ignore sub-domain components of a .onion address. This makes HTTP "virtual"
|
|
||||||
hosting possible: http://foo.aaaaaaaaaaaaaaaa.onion/ and
|
|
||||||
http//bar.aaaaaaaaaaaaaaaa.onion/ can be two different websites hosted at
|
|
||||||
the same location. Implements proposal 204.
|
|
@ -1,2 +0,0 @@
|
|||||||
o Code simplifications and refactoring:
|
|
||||||
- Rename "isin" functions to "contains", for grammar. Fixes ticket 5285.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Code simplification and refactoring:
|
|
||||||
- Rename Tor's logging function log() to tor_log(), to avoid conflicts
|
|
||||||
with the natural logarithm function from the system libm. Resolves
|
|
||||||
ticket 7599.
|
|
@ -1,6 +0,0 @@
|
|||||||
o Major bugfixes:
|
|
||||||
- Rename all macros in our local copy of queue.h to begin with TOR_;
|
|
||||||
this seems the only good way to permanently prevent conflicts
|
|
||||||
with queue.h on various operating systems. Fixes bug 8107; bugfix on
|
|
||||||
0.2.4.6-alpha.
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
|||||||
o Minor features (relay):
|
|
||||||
- Instead of limiting the number of queued onionskins to a configured,
|
|
||||||
hard-to-configure number, we limit the size of the queue based on how
|
|
||||||
many we expect to be able to process in a given amount of time. We
|
|
||||||
estimate the time it will take to process an onionskin based on average
|
|
||||||
processing time of previous onionskins. Closes ticket 7291. You'll
|
|
||||||
never have to configure MaxOnionsPending again.
|
|
||||||
|
|
||||||
- We compute the overhead from passing onionskins back and forth to
|
|
||||||
cpuworkers, and report it when dumping statistics in response to
|
|
||||||
SIGUSR1.
|
|
Loading…
Reference in New Issue
Block a user