mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 13:53:31 +01:00
fold in changes for 0.2.4.10-alpha
This commit is contained in:
parent
12f2d986f3
commit
03bdb4d5ce
138
ChangeLog
138
ChangeLog
@ -1,4 +1,140 @@
|
||||
Changes in version 0.2.4.10-alpha - 2013-0?-??
|
||||
Changes in version 0.2.4.10-alpha - 2013-02-04
|
||||
Tor 0.2.4.10-alpha adds defenses at the directory authority level from
|
||||
certain attacks that flood the network with relays; changes the queue
|
||||
for circuit create requests from a sized-based limit to a time-based
|
||||
limit; resumes building with MSVC on Windows; and fixes a wide variety
|
||||
of other issues.
|
||||
|
||||
o Major bugfixes (directory authority):
|
||||
- When computing directory thresholds, ignore any rejected-as-sybil
|
||||
nodes during the computation so that they can't influence Fast,
|
||||
Guard, etc. (We shoud have done this for proposal 109.) Fixes
|
||||
bug 8146.
|
||||
- When marking a node as a likely sybil, reset its uptime metrics
|
||||
to zero, so that it cannot time towards getting marked as Guard,
|
||||
Stable, or HSDir. (We shoud have done this for proposal 109.) Fixes
|
||||
bug 8147.
|
||||
|
||||
o Major bugfixes:
|
||||
- When a TLS write is partially successful but incomplete, remember
|
||||
that the flushed part has been flushed, and notice that bytes were
|
||||
actually written. Reported and fixed pseudonymously. Fixes bug
|
||||
7708; bugfix on Tor 0.1.0.5-rc.
|
||||
- Reject bogus create and relay cells with 0 circuit ID or 0 stream
|
||||
ID: these could be used to create unexpected streams and circuits
|
||||
which would count as "present" to some parts of Tor but "absent"
|
||||
to others, leading to zombie circuits and streams or to a bandwidth
|
||||
denial-of-service. Fixes bug 7889; bugfix on every released version
|
||||
of Tor. Reported by "oftc_must_be_destroyed".
|
||||
- Rename all macros in our local copy of queue.h to begin with "TOR_".
|
||||
This change seems the only good way to permanently prevent conflicts
|
||||
with queue.h on various operating systems. Fixes bug 8107; bugfix
|
||||
on 0.2.4.6-alpha.
|
||||
|
||||
o Major features (relay):
|
||||
- Instead of limiting the number of queued onionskins (aka circuit
|
||||
create requests) to a fixed, hard-to-configure number, we limit
|
||||
the size of the queue based on how many we expect to be able to
|
||||
process in a given amount of time. We estimate the time it will
|
||||
take to process an onionskin based on average processing time
|
||||
of previous onionskins. Closes ticket 7291. You'll never have to
|
||||
configure MaxOnionsPending again.
|
||||
|
||||
o Major features (portability):
|
||||
- Resume building correctly with MSVC and Makefile.nmake. This patch
|
||||
resolves numerous bugs and fixes reported by ultramage, including
|
||||
7305, 7308, 7309, 7310, 7312, 7313, 7315, 7316, and 7669.
|
||||
- Make the ntor and curve25519 code build correctly with MSVC.
|
||||
Fix on 0.2.4.8-alpha.
|
||||
|
||||
o Minor features:
|
||||
- When directory authorities are computing thresholds for flags,
|
||||
never let the threshold for the Fast flag fall below 4096
|
||||
bytes. Also, do not consider nodes with extremely low bandwidths
|
||||
when deciding thresholds for various directory flags. This change
|
||||
should raise our threshold for Fast relays, possibly in turn
|
||||
improving overall network performance; see ticket 1854. Resolves
|
||||
ticket 8145.
|
||||
- The Tor client now ignores sub-domain components of a .onion
|
||||
address. This change makes HTTP "virtual" hosting
|
||||
possible: http://foo.aaaaaaaaaaaaaaaa.onion/ and
|
||||
http://bar.aaaaaaaaaaaaaaaa.onion/ can be two different websites
|
||||
hosted on the same hidden service. Implements proposal 204.
|
||||
- We compute the overhead from passing onionskins back and forth to
|
||||
cpuworkers, and report it when dumping statistics in response to
|
||||
SIGUSR1. Supports ticket 7291.
|
||||
|
||||
o Minor features (path selection):
|
||||
- When deciding whether we have enough descriptors to build circuits,
|
||||
instead of looking at raw relay counts, look at which fraction
|
||||
of (bandwidth-weighted) paths we're able to build. This approach
|
||||
keeps clients from building circuits if their paths are likely to
|
||||
stand out statistically. The default fraction of paths needed is
|
||||
taken from the consensus directory; you can override it with the
|
||||
new PathsNeededToBuildCircuits option. Fixes ticket 5956.
|
||||
- When any country code is listed in ExcludeNodes or ExcludeExitNodes,
|
||||
and we have GeoIP information, also exclude all nodes with unknown
|
||||
countries "??" and "A1". This behavior is controlled by the
|
||||
new GeoIPExcludeUnknown option: you can make such nodes always
|
||||
excluded with "GeoIPExcludeUnknown 1", and disable the feature
|
||||
with "GeoIPExcludeUnknown 0". Setting "GeoIPExcludeUnknown auto"
|
||||
gets you the default behavior. Implements feature 7706.
|
||||
- Path Use Bias: Perform separate accounting for successful circuit
|
||||
use. Keep separate statistics on stream attempt rates versus stream
|
||||
success rates for each guard. Provide configurable thresholds to
|
||||
determine when to emit log messages or disable use of guards that
|
||||
fail too many stream attempts. Resolves ticket 7802.
|
||||
|
||||
o Minor features (log messages):
|
||||
- When learning a fingerprint for a bridge, log its corresponding
|
||||
transport type. Implements ticket 7896.
|
||||
- Improve the log message when "Bug/attack: unexpected sendme cell
|
||||
from client" occurs, to help us track bug 8093.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Remove a couple of extraneous semicolons that were upsetting the
|
||||
cparser library. Patch by Christian Grothoff. Fixes bug 7115;
|
||||
bugfix on 0.2.2.1-alpha.
|
||||
- Remove a source of rounding error during path bias count scaling;
|
||||
don't count cannibalized circuits as used for path bias until we
|
||||
actually try to use them; and fix a circuit_package_relay_cell()
|
||||
warning message about n_chan==NULL. Fixes bug 7802.
|
||||
- Detect nacl when its headers are in a nacl/ subdirectory. Also,
|
||||
actually link against nacl when we're configured to use it. Fixes
|
||||
bug 7972; bugfix on 0.2.4.8-alpha.
|
||||
- Compile correctly with the --disable-curve25519 option. Fixes
|
||||
bug 8153; bugfix on 0.2.4.8-alpha.
|
||||
|
||||
o Build improvements:
|
||||
- Do not report status verbosely from autogen.sh unless the -v flag
|
||||
is specified. Fixes issue 4664. Patch from Onizuka.
|
||||
- Replace all calls to snprintf() outside of src/ext with
|
||||
tor_snprintf(). Also remove the #define to replace snprintf with
|
||||
_snprintf on Windows; they have different semantics, and all of
|
||||
our callers should be using tor_snprintf() anyway. Fixes bug 7304.
|
||||
- Try to detect if we are ever building on a platform where
|
||||
memset(...,0,...) does not set the value of a double to 0.0. Such
|
||||
platforms are permitted by the C standard, though in practice
|
||||
they're pretty rare (since IEEE 754 is nigh-ubiquitous). We don't
|
||||
currently support them, but it's better to detect them and fail
|
||||
than to perform erroneously.
|
||||
|
||||
o Removed features:
|
||||
- Stop exporting estimates of v2 and v3 directory traffic shares
|
||||
in extrainfo documents. They were unneeded and sometimes inaccurate.
|
||||
Also stop exporting any v2 directory request statistics. Resolves
|
||||
ticket 5823.
|
||||
- Drop support for detecting and warning about versions of Libevent
|
||||
before 1.3e. Nothing reasonable ships with them any longer;
|
||||
warning the user about them shouldn't be needed. Resolves ticket
|
||||
6826.
|
||||
|
||||
o Code simplifications and refactoring:
|
||||
- Rename "isin" functions to "contains", for grammar. Resolves
|
||||
ticket 5285.
|
||||
- Rename Tor's logging function log() to tor_log(), to avoid conflicts
|
||||
with the natural logarithm function from the system libm. Resolves
|
||||
ticket 7599.
|
||||
|
||||
|
||||
Changes in version 0.2.4.9-alpha - 2013-01-15
|
||||
|
@ -1,4 +0,0 @@
|
||||
o Minor features (build):
|
||||
- Do not report status verbosely from autogen.sh unless the -v flag
|
||||
is specified. Fixes issue 4664. Patch from Onizuka.
|
||||
|
@ -1,7 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Replace all calls to snprintf outside of src/ext with tor_snprintf.
|
||||
Fix for bug 7304.
|
||||
o Code simplification and refactoring:
|
||||
- Remove the #define to replace snprintf with _snprintf on windows;
|
||||
they have different semantics, and all of our callers should be
|
||||
using tor_snprintf anyway. Partial fix for bug 7304.
|
@ -1,5 +0,0 @@
|
||||
o Removed featurs:
|
||||
- Stop exporting estimates of v2 and v3 directory traffic shares
|
||||
in extrainfo documents. They were unneeded and sometimes inaccurate.
|
||||
Also stop exporting any v2 directory request statistics. Resolves
|
||||
ticket 5823.
|
@ -1,5 +0,0 @@
|
||||
o Removed features:
|
||||
- Drop support for detecting and warning about versions of Libevent
|
||||
before 1.3e. Nothing reasonable ships with them any longer;
|
||||
warning the user about them shouldn't be needed. Resolves ticket
|
||||
6826.
|
@ -1,4 +0,0 @@
|
||||
o Minor bugfixes (portability)
|
||||
- Remove a couple of extraneous semicolos that were upsetting the
|
||||
cparser library. Patch by Christian Grothoff. Fixes bug 7115;
|
||||
bugfix on 0.2.2.1-alpha.
|
@ -1,5 +0,0 @@
|
||||
o Major bugfixes:
|
||||
- When a TLS write is partially successful but incomplete, remember
|
||||
that the flushed part has been flushed, and notice that bytes were
|
||||
actually written. Reported and fixed pseudonymously. Fixes bug
|
||||
7708; bugfix on Tor 0.1.0.5-rc.
|
@ -1,11 +0,0 @@
|
||||
o Minor features:
|
||||
- Path Use Bias: Perform separate accounting for successful circuit use.
|
||||
Separate statistics on stream attempt versus success rates are kept
|
||||
for each guard. Configurable thresholds are provided to determine
|
||||
when to emit log messages or disable use of guards that fail too
|
||||
many stream attempts.
|
||||
o Minor bugfixes:
|
||||
- Remove a source of rounding error during path bias count scaling.
|
||||
- Don't count cannibalized circuits as used for path bias until we
|
||||
actually try to use them.
|
||||
- Fix circuit_package_relay_cell warning message about n_chan==NULL.
|
@ -1,8 +0,0 @@
|
||||
o Major bugfixes:
|
||||
- Reject bogus create and relay cells with 0 circuit ID or 0 stream
|
||||
ID: these could be used to create unexpected streams and circuits
|
||||
which would count as "present" to some parts of Tor but "absent"
|
||||
to others, leading to zombie circuits and streams or to a
|
||||
bandwidth DOS. Fixes bug 7889; bugfix on every released version of
|
||||
Tor. Reported by "oftc_must_be_destroyed".
|
||||
|
@ -1,3 +0,0 @@
|
||||
o Minor features:
|
||||
- When learning a fingerprint for a bridge, log its corresponding
|
||||
transport type. Implements ticket 7896.
|
@ -1,5 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Detect nacl when its headers are in a nacl/ subdirectory. Fixes bug
|
||||
7972; bugfix on 0.2.4.8-alpha.
|
||||
- Actually link against nacl when we're configured to use it. Fixes bug
|
||||
7972; bugfix on 0.2.4.8-alpha.
|
@ -1,4 +0,0 @@
|
||||
o Minor features:
|
||||
- Improve the log message when "Bug/attack: unexpected sendme cell
|
||||
from client" occurs, to help us track bug 8093.
|
||||
|
@ -1,13 +0,0 @@
|
||||
o Major bugfixes (security, directory authority):
|
||||
- When computing directory thresholds, ignore any rejected-as-sybil
|
||||
nodes during the computation so that they can't influence Fast,
|
||||
Guard, etc. Fixes bug 8146.
|
||||
|
||||
- When computing thresholds for flags, never let the threshold for
|
||||
the Fast flag to 4096 bytes. Fixes bug 8145.
|
||||
- Do not consider nodes with extremely low bandwidths when deciding
|
||||
thresholds for various directory flags. Another fix for 8145.
|
||||
|
||||
- When marking a node as a likely sybil, reset its uptime metrics
|
||||
to zero, so that it cannot time towards getting marked as Guard,
|
||||
Stable, or HSDir. Fix for bug 8147.
|
@ -1,3 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Compile correctly with the --disable-curve25519 option. Fix for
|
||||
bug 8153; bugfix on 0.2.4.8-alpha.
|
@ -1,4 +0,0 @@
|
||||
o Features (portability):
|
||||
- Build correctly with MSVC and Makefile.nmake. This resolves
|
||||
numerous bugs and fixes reported by ultramage, including 7305,
|
||||
7308, 7309, 7310, 7312, 7313, 7315, 7316, and 7669.
|
@ -1,8 +0,0 @@
|
||||
o Build improvements (bizarre platform detection):
|
||||
- Try to detect it if we are ever building on a platform where
|
||||
memset(...,0,...) does not set the value of a double to 0.0. Such
|
||||
platforms are permitted by the C standard, though in practice
|
||||
they're pretty rare (since IEEE 754 is nigh-ubiquitous). We don't
|
||||
currently support them, but it's better to detect them and fail
|
||||
than to perform erroneously.
|
||||
|
@ -1,8 +0,0 @@
|
||||
o Major features:
|
||||
- When deciding whether we have enough descriptors to build circuits,
|
||||
instead of looking at raw circuit counts, look at which fraction of
|
||||
(bandwidth-weighted) paths we're able to build. This approach keeps
|
||||
clients from building circuits if their paths are likely to stand out
|
||||
statistically. The default fraction of paths needed is taken from the
|
||||
consensus directory; you can override it with the new
|
||||
PathsNeededToBuildCircuits option. Fixes issue 5956.
|
@ -1,9 +0,0 @@
|
||||
o Minor features:
|
||||
- When any country code is listed in ExcludeNodes or
|
||||
ExcludeExitNodes, and we have GeoIP information, also exclude
|
||||
all nodes with unknown countries ({??} and {A1} if
|
||||
present). This behavior is controlled by the new
|
||||
GeoIPExcludeUnknown option: you can make such nodes always
|
||||
excluded with 'GeoIPExcludeUnknown 1', and disable the feature
|
||||
with 'GeoIPExcludeUnknown 0'. Setting 'GeoIPExcludeUnknown auto'
|
||||
gets you the default behavior. Implements feature 7706.
|
@ -1,6 +0,0 @@
|
||||
o Build fixes (MSVC):
|
||||
- Correctly define HAVE_EVENT_BASE_LOOPEXIT, since we only build
|
||||
with MSVC when using Libevent 2.0 or later. Fixes bug 7308.
|
||||
Reported by "ultramage".
|
||||
- Make the ntor and curve25519 code build correctly with MSVC.
|
||||
Fix on 0.2.4.8-alpha.
|
@ -1,5 +0,0 @@
|
||||
o Minor features:
|
||||
- Ignore sub-domain components of a .onion address. This makes HTTP "virtual"
|
||||
hosting possible: http://foo.aaaaaaaaaaaaaaaa.onion/ and
|
||||
http//bar.aaaaaaaaaaaaaaaa.onion/ can be two different websites hosted at
|
||||
the same location. Implements proposal 204.
|
@ -1,2 +0,0 @@
|
||||
o Code simplifications and refactoring:
|
||||
- Rename "isin" functions to "contains", for grammar. Fixes ticket 5285.
|
@ -1,4 +0,0 @@
|
||||
o Code simplification and refactoring:
|
||||
- Rename Tor's logging function log() to tor_log(), to avoid conflicts
|
||||
with the natural logarithm function from the system libm. Resolves
|
||||
ticket 7599.
|
@ -1,6 +0,0 @@
|
||||
o Major bugfixes:
|
||||
- Rename all macros in our local copy of queue.h to begin with TOR_;
|
||||
this seems the only good way to permanently prevent conflicts
|
||||
with queue.h on various operating systems. Fixes bug 8107; bugfix on
|
||||
0.2.4.6-alpha.
|
||||
|
@ -1,11 +0,0 @@
|
||||
o Minor features (relay):
|
||||
- Instead of limiting the number of queued onionskins to a configured,
|
||||
hard-to-configure number, we limit the size of the queue based on how
|
||||
many we expect to be able to process in a given amount of time. We
|
||||
estimate the time it will take to process an onionskin based on average
|
||||
processing time of previous onionskins. Closes ticket 7291. You'll
|
||||
never have to configure MaxOnionsPending again.
|
||||
|
||||
- We compute the overhead from passing onionskins back and forth to
|
||||
cpuworkers, and report it when dumping statistics in response to
|
||||
SIGUSR1.
|
Loading…
Reference in New Issue
Block a user