Merge remote branch 'origin/maint-0.2.1'

Conflicts:
	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h
This commit is contained in:
Nick Mathewson 2010-02-18 12:01:56 -05:00
commit 715f104eeb
5 changed files with 76 additions and 17 deletions

View File

@ -53,7 +53,17 @@ Changes in version 0.2.2.8-alpha - 2010-01-26
refuse to listen. refuse to listen.
Changes in version 0.2.1.23 - 2010-0?-?? Changes in version 0.2.1.24 - 2010-??-??
o Minor bugfixes:
- Work correctly out-of-the-box with even more vendor-patched versions
of OpenSSL.
Changes in version 0.2.1.23 - 2010-02-13
Tor 0.2.1.23 fixes a huge client-side performance bug, makes Tor work
again on the latest OS X, and updates the location of a directory
authority.
o Major bugfixes (performance): o Major bugfixes (performance):
- We were selecting our guards uniformly at random, and then weighting - We were selecting our guards uniformly at random, and then weighting
which of our guards we'd use uniformly at random. This imbalance which of our guards we'd use uniformly at random. This imbalance
@ -64,20 +74,25 @@ Changes in version 0.2.1.23 - 2010-0?-??
bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry. bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry.
o Major bugfixes: o Major bugfixes:
- Make Tor work again on the latest OS X: when deciding whether to
use strange flags to turn TLS renegotiation on, detect the OpenSSL
version at run-time, not compile time. We need to do this because
Apple doesn't update its dev-tools headers when it updates its
libraries in a security patch.
- Fix a potential buffer overflow in lookup_last_hid_serv_request() - Fix a potential buffer overflow in lookup_last_hid_serv_request()
that could happen on 32-bit platforms with 64-bit time_t. Also fix that could happen on 32-bit platforms with 64-bit time_t. Also fix
a memory leak when requesting a hidden service descriptor we've a memory leak when requesting a hidden service descriptor we've
requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found
by aakova. by aakova.
o Directory authority changes:
- Change IP address for dannenberg (v3 directory authority), and
remove moria2 (obsolete v1, v2 directory authority and v0 hidden
service directory authority) from the list.
o Minor bugfixes: o Minor bugfixes:
- When deciding whether to use strange flags to turn TLS renegotiation - Refactor resolve_my_address() to not use gethostbyname() anymore.
on, detect the OpenSSL version at run-time, not compile time. We Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik.
need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch.
- Refactor resolve_my_address() a little, to not use gethostbyname()
anymore. Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike
Mestnik.
o Minor features: o Minor features:
- Avoid a mad rush at the beginning of each month when each client - Avoid a mad rush at the beginning of each month when each client

View File

@ -3,6 +3,44 @@ This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file. each development snapshot, see the ChangeLog file.
Changes in version 0.2.1.23 - 2010-02-13
Tor 0.2.1.23 fixes a huge client-side performance bug, makes Tor work
again on the latest OS X, and updates the location of a directory
authority.
o Major bugfixes (performance):
- We were selecting our guards uniformly at random, and then weighting
which of our guards we'd use uniformly at random. This imbalance
meant that Tor clients were severely limited on throughput (and
probably latency too) by the first hop in their circuit. Now we
select guards weighted by currently advertised bandwidth. We also
automatically discard guards picked using the old algorithm. Fixes
bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry.
o Major bugfixes:
- Make Tor work again on the latest OS X: when deciding whether to
use strange flags to turn TLS renegotiation on, detect the OpenSSL
version at run-time, not compile time. We need to do this because
Apple doesn't update its dev-tools headers when it updates its
libraries in a security patch.
- Fix a potential buffer overflow in lookup_last_hid_serv_request()
that could happen on 32-bit platforms with 64-bit time_t. Also fix
a memory leak when requesting a hidden service descriptor we've
requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found
by aakova.
o Minor bugfixes:
- Refactor resolve_my_address() to not use gethostbyname() anymore.
Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik.
o Minor features:
- Avoid a mad rush at the beginning of each month when each client
rotates half of its guards. Instead we spread the rotation out
throughout the month, but we still avoid leaving a precise timestamp
in the state file about when we first picked the guard. Improves
over the behavior introduced in 0.1.2.17.
Changes in version 0.2.1.22 - 2010-01-19 Changes in version 0.2.1.22 - 2010-01-19
Tor 0.2.1.22 fixes a critical privacy problem in bridge directory Tor 0.2.1.22 fixes a critical privacy problem in bridge directory
authorities -- it would tell you its whole history of bridge descriptors authorities -- it would tell you its whole history of bridge descriptors

View File

@ -8,6 +8,7 @@
!include "LogicLib.nsh" !include "LogicLib.nsh"
!include "FileFunc.nsh" !include "FileFunc.nsh"
!insertmacro GetParameters !insertmacro GetParameters
!define VERSION "0.2.2.8-alpha-dev" !define VERSION "0.2.2.8-alpha-dev"
!define INSTALLER "tor-${VERSION}-win32.exe" !define INSTALLER "tor-${VERSION}-win32.exe"
!define WEBSITE "https://www.torproject.org/" !define WEBSITE "https://www.torproject.org/"

View File

@ -368,7 +368,7 @@ tor_tls_init(void)
* OpenSSL 0.9.8l. * OpenSSL 0.9.8l.
* *
* No, we can't just set flag 0x0010 everywhere. It breaks Tor with * No, we can't just set flag 0x0010 everywhere. It breaks Tor with
* OpenSSL 1.0.0beta, since i. No, we can't just set option * OpenSSL 1.0.0beta3 and later. No, we can't just set option
* 0x00040000L everywhere: before 0.9.8m, it meant something else. * 0x00040000L everywhere: before 0.9.8m, it meant something else.
* *
* No, we can't simply detect whether the flag or the option is present * No, we can't simply detect whether the flag or the option is present
@ -381,7 +381,7 @@ tor_tls_init(void)
*/ */
if (version >= 0x009080c0L && version < 0x009080d0L) { if (version >= 0x009080c0L && version < 0x009080d0L) {
log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; " log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; "
"I will try SSL3_FLAGS to enable renegotation.", "I will try SSL3_FLAGS to enable renegotation.",
SSLeay_version(SSLEAY_VERSION)); SSLeay_version(SSLEAY_VERSION));
use_unsafe_renegotiation_flag = 1; use_unsafe_renegotiation_flag = 1;
use_unsafe_renegotiation_op = 1; use_unsafe_renegotiation_op = 1;
@ -390,6 +390,13 @@ tor_tls_init(void)
"I will try SSL_OP to enable renegotiation", "I will try SSL_OP to enable renegotiation",
SSLeay_version(SSLEAY_VERSION)); SSLeay_version(SSLEAY_VERSION));
use_unsafe_renegotiation_op = 1; use_unsafe_renegotiation_op = 1;
} else if (version < 0x009080c0L) {
log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
"0.9.8l, but some vendors have backported 0.9.8l's "
"renegotiation code to earlier versions. I'll set "
"SSL3_FLAGS just to be safe.",
SSLeay_version(SSLEAY_VERSION), version);
use_unsafe_renegotiation_flag = 1;
} else { } else {
log_info(LD_GENERAL, "OpenSSL %s has version %lx", log_info(LD_GENERAL, "OpenSSL %s has version %lx",
SSLeay_version(SSLEAY_VERSION), version); SSLeay_version(SSLEAY_VERSION), version);

View File

@ -738,8 +738,6 @@ add_default_trusted_dir_authorities(authority_type_t type)
"moria1 orport=9101 no-v2 " "moria1 orport=9101 no-v2 "
"v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 " "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
"128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31", "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
"moria2 v1 orport=9002 128.31.0.34:9032 "
"719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF",
"tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 " "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
"86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D", "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
"dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 " "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
@ -753,7 +751,7 @@ add_default_trusted_dir_authorities(authority_type_t type)
"80.190.246.100:8180 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281", "80.190.246.100:8180 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
"dannenberg orport=443 no-v2 " "dannenberg orport=443 no-v2 "
"v3ident=585769C78764D58426B8B52B6651A5A71137189A " "v3ident=585769C78764D58426B8B52B6651A5A71137189A "
"213.73.91.31:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123", "193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
"urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C " "urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
"208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417", "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
NULL NULL