mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
changelog for 0.0.8
svn:r2318
This commit is contained in:
parent
31b81650b7
commit
0987cf4bec
182
ChangeLog
182
ChangeLog
@ -1,124 +1,28 @@
|
|||||||
Release notes in progress for 0.0.8:
|
Changes in version 0.0.8 - 2004-08-25
|
||||||
rc2:
|
|
||||||
o Make it compile on cygwin again.
|
|
||||||
o When picking unverified routers, skip those with low uptime and/or
|
|
||||||
low bandwidth, depending on what properties you care about.
|
|
||||||
|
|
||||||
rc1:
|
|
||||||
o Changes from 0.0.7.3:
|
|
||||||
- Bugfixes:
|
|
||||||
- Fix assert triggers: if the other side returns an address 0.0.0.0,
|
|
||||||
don't put it into the client dns cache.
|
|
||||||
- If a begin failed due to exit policy, but we believe the IP
|
|
||||||
address should have been allowed, switch that router to exitpolicy
|
|
||||||
reject *:* until we get our next directory.
|
|
||||||
- Features:
|
|
||||||
- Clients choose nodes proportional to advertised bandwidth.
|
|
||||||
- Avoid using nodes with low uptime as introduction points.
|
|
||||||
- Handle servers with dynamic IP addresses: don't replace
|
|
||||||
options->Address with the resolved one at startup, and
|
|
||||||
detect our address right before we make a routerinfo each time.
|
|
||||||
- 'FascistFirewall' option to pick dirservers and ORs on specific
|
|
||||||
ports; plus 'FirewallPorts' config option to tell FascistFirewall
|
|
||||||
which ports are open. (Defaults to 80,443)
|
|
||||||
- Be more aggressive about trying to make circuits when the network
|
|
||||||
has changed (e.g. when you unsuspend your laptop).
|
|
||||||
- Check for time skew on http headers; report date in response to
|
|
||||||
"GET /".
|
|
||||||
- If the entrynode config line has only one node, don't pick it as
|
|
||||||
an exitnode.
|
|
||||||
- Add strict{entry|exit}nodes config options. If set to 1, then
|
|
||||||
we refuse to build circuits that don't include the specified entry
|
|
||||||
or exit nodes.
|
|
||||||
- OutboundBindAddress config option, to bind to a specific
|
|
||||||
IP address for outgoing connect()s.
|
|
||||||
- End truncated log entries (e.g. directories) with "[truncated]".
|
|
||||||
|
|
||||||
o Patches to 0.0.8preX:
|
|
||||||
- Bugfixes:
|
|
||||||
- Patches to compile and run on win32 again (maybe)?
|
|
||||||
- Fix crash when looking for ~/.torrc with no $HOME set.
|
|
||||||
- Fix a race bug in the unit tests.
|
|
||||||
- Handle verified/unverified name collisions better when new
|
|
||||||
routerinfo's arrive in a directory.
|
|
||||||
- Sometimes routers were getting entered into the stats before
|
|
||||||
we'd assigned their identity_digest. Oops.
|
|
||||||
- Only pick and establish intro points after we've gotten a
|
|
||||||
directory.
|
|
||||||
- Features:
|
|
||||||
- AllowUnverifiedNodes config option to let circuits choose no-name
|
|
||||||
routers in entry,middle,exit,introduction,rendezvous positions.
|
|
||||||
Allow middle and rendezvous positions by default.
|
|
||||||
- Add a man page for tor-resolve.
|
|
||||||
|
|
||||||
pre3:
|
|
||||||
o Changes from 0.0.7.2:
|
|
||||||
- Allow multiple ORs with same nickname in routerlist -- now when
|
|
||||||
people give us one identity key for a nickname, then later
|
|
||||||
another, we don't constantly complain until the first expires.
|
|
||||||
- Remember used bandwidth (both in and out), and publish 15-minute
|
|
||||||
snapshots for the past day into our descriptor.
|
|
||||||
- You can now fetch $DIRURL/running-routers to get just the
|
|
||||||
running-routers line, not the whole descriptor list. (But
|
|
||||||
clients don't use this yet.)
|
|
||||||
- When people mistakenly use Tor as an http proxy, point them
|
|
||||||
at the tor-doc.html rather than the INSTALL.
|
|
||||||
- Remove our mostly unused -- and broken -- hex_encode()
|
|
||||||
function. Use base16_encode() instead. (Thanks to Timo Lindfors
|
|
||||||
for pointing out this bug.)
|
|
||||||
- Rotate onion keys every 12 hours, not every 2 hours, so we have
|
|
||||||
fewer problems with people using the wrong key.
|
|
||||||
- Change the default exit policy to reject the default edonkey,
|
|
||||||
kazaa, gnutella ports.
|
|
||||||
- Add replace_file() to util.[ch] to handle win32's rename().
|
|
||||||
|
|
||||||
o Changes from 0.0.8preX:
|
|
||||||
- Fix two bugs in saving onion keys to disk when rotating, so
|
|
||||||
hopefully we'll get fewer people using old onion keys.
|
|
||||||
- Fix an assert error that was making SocksPolicy not work.
|
|
||||||
- Be willing to expire routers that have an open dirport -- it's
|
|
||||||
just the authoritative dirservers we want to not forget.
|
|
||||||
- Reject tor-resolve requests for .onion addresses early, so we
|
|
||||||
don't build a whole rendezvous circuit and then fail.
|
|
||||||
- When you're warning a server that he's unverified, don't cry
|
|
||||||
wolf unpredictably.
|
|
||||||
- Fix a race condition: don't try to extend onto a connection
|
|
||||||
that's still handshaking.
|
|
||||||
- For servers in clique mode, require the conn to be open before
|
|
||||||
you'll choose it for your path.
|
|
||||||
- Fix some cosmetic bugs about duplicate mark-for-close, lack of
|
|
||||||
end relay cell, etc.
|
|
||||||
- Measure bandwidth capacity over the last 24 hours, not just 12
|
|
||||||
- Bugfix: authoritative dirservers were making and signing a new
|
|
||||||
directory for each client, rather than reusing the cached one.
|
|
||||||
|
|
||||||
pre2:
|
|
||||||
o Changes from 0.0.7.2:
|
|
||||||
- Security fixes:
|
|
||||||
- Check directory signature _before_ you decide whether you're
|
|
||||||
you're running an obsolete version and should exit.
|
|
||||||
- Check directory signature _before_ you parse the running-routers
|
|
||||||
list to decide who's running or verified.
|
|
||||||
- Bugfixes and features:
|
|
||||||
- Check return value of fclose while writing to disk, so we don't
|
|
||||||
end up with broken files when servers run out of disk space.
|
|
||||||
- Log a warning if the user uses an unsafe socks variant, so people
|
|
||||||
are more likely to learn about privoxy or socat.
|
|
||||||
- Dirservers now include RFC1123-style dates in the HTTP headers,
|
|
||||||
which one day we will use to better detect clock skew.
|
|
||||||
|
|
||||||
o Changes from 0.0.8pre1:
|
|
||||||
- Make it compile without warnings again on win32.
|
|
||||||
- Log a warning if you're running an unverified server, to let you
|
|
||||||
know you might want to get it verified.
|
|
||||||
- Only pick a default nickname if you plan to be a server.
|
|
||||||
|
|
||||||
pre1:
|
|
||||||
o Bugfixes:
|
o Bugfixes:
|
||||||
- Made our unit tests compile again on OpenBSD 3.5, and tor
|
- Made our unit tests compile again on OpenBSD 3.5, and tor
|
||||||
itself compile again on OpenBSD on a sparc64.
|
itself compile again on OpenBSD on a sparc64.
|
||||||
- We were neglecting milliseconds when logging on win32, so
|
- We were neglecting milliseconds when logging on win32, so
|
||||||
everything appeared to happen at the beginning of each second.
|
everything appeared to happen at the beginning of each second.
|
||||||
|
- Check directory signature _before_ you decide whether you're
|
||||||
|
you're running an obsolete version and should exit.
|
||||||
|
- Check directory signature _before_ you parse the running-routers
|
||||||
|
list to decide who's running.
|
||||||
|
- Check return value of fclose while writing to disk, so we don't
|
||||||
|
end up with broken files when servers run out of disk space.
|
||||||
|
- Port it to SunOS 5.9 / Athena
|
||||||
|
- Fix two bugs in saving onion keys to disk when rotating, so
|
||||||
|
hopefully we'll get fewer people using old onion keys.
|
||||||
|
- Remove our mostly unused -- and broken -- hex_encode()
|
||||||
|
function. Use base16_encode() instead. (Thanks to Timo Lindfors
|
||||||
|
for pointing out this bug.)
|
||||||
|
- Only pick and establish intro points after we've gotten a
|
||||||
|
directory.
|
||||||
|
- Fix assert triggers: if the other side returns an address 0.0.0.0,
|
||||||
|
don't put it into the client dns cache.
|
||||||
|
- If a begin failed due to exit policy, but we believe the IP
|
||||||
|
address should have been allowed, switch that router to exitpolicy
|
||||||
|
reject *:* until we get our next directory.
|
||||||
|
|
||||||
o Protocol changes:
|
o Protocol changes:
|
||||||
- 'Extend' relay cell payloads now include the digest of the
|
- 'Extend' relay cell payloads now include the digest of the
|
||||||
@ -135,9 +39,11 @@ pre1:
|
|||||||
list; unverified routers are listed as "$<fingerprint>".
|
list; unverified routers are listed as "$<fingerprint>".
|
||||||
- We now use hash-of-identity-key in most places rather than
|
- We now use hash-of-identity-key in most places rather than
|
||||||
nickname or addr:port, for improved security/flexibility.
|
nickname or addr:port, for improved security/flexibility.
|
||||||
- To avoid Sybil attacks, paths still use only verified servers.
|
- AllowUnverifiedNodes config option to let circuits choose no-name
|
||||||
But now we have a chance to play around with hybrid approaches.
|
routers in entry,middle,exit,introduction,rendezvous positions.
|
||||||
- Nodes track bandwidth usage to estimate capacity (not used yet).
|
Allow middle and rendezvous positions by default.
|
||||||
|
- When picking unverified routers, skip those with low uptime and/or
|
||||||
|
low bandwidth, depending on what properties you care about.
|
||||||
- ClientOnly option for nodes that never want to become servers.
|
- ClientOnly option for nodes that never want to become servers.
|
||||||
- Directory caching.
|
- Directory caching.
|
||||||
- "AuthoritativeDir 1" option for the official dirservers.
|
- "AuthoritativeDir 1" option for the official dirservers.
|
||||||
@ -153,6 +59,19 @@ pre1:
|
|||||||
by hash-of-key).
|
by hash-of-key).
|
||||||
- Allow dirservers to serve running-router list separately.
|
- Allow dirservers to serve running-router list separately.
|
||||||
This isn't used yet.
|
This isn't used yet.
|
||||||
|
- You can now fetch $DIRURL/running-routers to get just the
|
||||||
|
running-routers line, not the whole descriptor list. (But
|
||||||
|
clients don't use this yet.)
|
||||||
|
- Clients choose nodes proportional to advertised bandwidth.
|
||||||
|
- Clients avoid using nodes with low uptime as introduction points.
|
||||||
|
- Handle servers with dynamic IP addresses: don't just replace
|
||||||
|
options->Address with the resolved one at startup, and
|
||||||
|
detect our address right before we make a routerinfo each time.
|
||||||
|
- 'FascistFirewall' option to pick dirservers and ORs on specific
|
||||||
|
ports; plus 'FirewallPorts' config option to tell FascistFirewall
|
||||||
|
which ports are open. (Defaults to 80,443)
|
||||||
|
- Try other dirservers immediately if the one you try is down. This
|
||||||
|
should tolerate down dirservers better now.
|
||||||
- ORs connect-on-demand to other ORs
|
- ORs connect-on-demand to other ORs
|
||||||
- If you get an extend cell to an OR you're not connected to,
|
- If you get an extend cell to an OR you're not connected to,
|
||||||
connect, handshake, and forward the create cell.
|
connect, handshake, and forward the create cell.
|
||||||
@ -173,8 +92,6 @@ pre1:
|
|||||||
- Refuse to build a circuit before the directory has arrived --
|
- Refuse to build a circuit before the directory has arrived --
|
||||||
it won't work anyway, since you won't know the right onion keys
|
it won't work anyway, since you won't know the right onion keys
|
||||||
to use.
|
to use.
|
||||||
- Try other dirservers immediately if the one you try is down. This
|
|
||||||
should tolerate down dirservers better now.
|
|
||||||
- Parse tor version numbers so we can do an is-newer-than check
|
- Parse tor version numbers so we can do an is-newer-than check
|
||||||
rather than an is-in-the-list check.
|
rather than an is-in-the-list check.
|
||||||
- New socks command 'resolve', to let us shim gethostbyname()
|
- New socks command 'resolve', to let us shim gethostbyname()
|
||||||
@ -183,11 +100,32 @@ pre1:
|
|||||||
- A new socks-extensions.txt doc file to describe our
|
- A new socks-extensions.txt doc file to describe our
|
||||||
interpretation and extensions to the socks protocols.
|
interpretation and extensions to the socks protocols.
|
||||||
- Add a ContactInfo option, which gets published in descriptor.
|
- Add a ContactInfo option, which gets published in descriptor.
|
||||||
- Publish OR uptime in descriptor (and thus in directory) too.
|
|
||||||
- Write tor version at the top of each log file
|
- Write tor version at the top of each log file
|
||||||
- New docs in the tarball:
|
- New docs in the tarball:
|
||||||
- tor-doc.html.
|
- tor-doc.html.
|
||||||
- Document that you should proxy your SSL traffic too.
|
- Document that you should proxy your SSL traffic too.
|
||||||
|
- Log a warning if the user uses an unsafe socks variant, so people
|
||||||
|
are more likely to learn about privoxy or socat.
|
||||||
|
- Log a warning if you're running an unverified server, to let you
|
||||||
|
know you might want to get it verified.
|
||||||
|
- Change the default exit policy to reject the default edonkey,
|
||||||
|
kazaa, gnutella ports.
|
||||||
|
- Add replace_file() to util.[ch] to handle win32's rename().
|
||||||
|
- Publish OR uptime in descriptor (and thus in directory) too.
|
||||||
|
- Remember used bandwidth (both in and out), and publish 15-minute
|
||||||
|
snapshots for the past day into our descriptor.
|
||||||
|
- Be more aggressive about trying to make circuits when the network
|
||||||
|
has changed (e.g. when you unsuspend your laptop).
|
||||||
|
- Check for time skew on http headers; report date in response to
|
||||||
|
"GET /".
|
||||||
|
- If the entrynode config line has only one node, don't pick it as
|
||||||
|
an exitnode.
|
||||||
|
- Add strict{entry|exit}nodes config options. If set to 1, then
|
||||||
|
we refuse to build circuits that don't include the specified entry
|
||||||
|
or exit nodes.
|
||||||
|
- OutboundBindAddress config option, to bind to a specific
|
||||||
|
IP address for outgoing connect()s.
|
||||||
|
- End truncated log entries (e.g. directories) with "[truncated]".
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.0.7.3 - 2004-08-12
|
Changes in version 0.0.7.3 - 2004-08-12
|
||||||
|
Loading…
Reference in New Issue
Block a user