checkpoint some changelog items for 0.1.1.11-alpha

svn:r5729
Roger Dingledine 2006-01-04 08:31:29 +00:00
parent 2f3b864639
commit ffeebd99fa


@ -1,3 +1,96 @@
Changes in version 0.1.1.11-alpha - 2006-01-xx
o Crashes in 0.1.1.x:
- Include all the assert/crash fixes from 0.1.0.16.
- If you start Tor and then quit very quickly, there were some
races that tried to free things that weren't allocated yet.
- Fix a rare memory stomp if you're running hidden services.
- Fix segfault when specifying DirServer in config without nickname.
- Fix a seg fault when you finish connecting to a server but at
that moment you dump his server descriptor.
- Extendcircuit and Attachstream controller commands would
assert/crash if you don't give them enough arguments.
o Major features:
- Automatically choose a handful of entry nodes and stick with them
for all circuits. Only pick new ones when the ones you have are
unsuitable, and if the old ones become suitable again, switch back.
This will increase security dramatically against certain end-point
attacks. The EntryNodes config option now provides some hints
about which entry nodes you want to use most; and StrictEntryNodes
- New directory logic: download by descriptor digest, not by
fingerprint. Caches try to download all listed digests from
authorities; clients try to download "best" digests from caches.
Now we avoid partitioning and isolating attacks better.
- Make the "stable" flag in network-status be the median of the
uptimes of running valid servers. That way the cutoff adapts to
the stability of the network as a whole. This will make IRC, IM,
etc connections more reliable.
- Make clients look at the fast and stable flags in networkstatus,
not at the bandwidth and uptime declared in the router descriptors.
o Major fixes:
- Tor servers with dynamic IP addresses were needing to wait 18
hours before they could start doing reachability testing using
the new IP address and ports. This is because they were using
the internal descriptor to learn what to test, yet they were only
rebuilding the descriptor once they decided they were reachable.
o Minor fixes:
- If the network is down, and we try to connect to a conn because
we have a circuit in mind, and we timeout (30 seconds) because the
network never answers, we were expiring the circuit, but we weren't
obsoleting the connection or telling the entry_nodes functions. now
do that.
- Some tor servers process billions of cells in a matter of days.
These statistics need to be uint64_t's.
- Check for integer overflows in more places, when adding elements
to smartlists. This could possibly prevent a buffer overflow
on malicious huge inputs. I don't see any, but I haven't looked
carefully.
- ReachableAddresses kept growing new "reject *:*" lines on every
reload.
- When you "setconf log" via the controller, it should remove all
logs. We were automatically adding back in a "log notice stdout".
- Newly bootstrapped tor networks couldn't establish hidden service
circuits until they had nodes with high uptime. Be more tolerant.
- We were marking servers down when they could not answer every piece
of the directory request we sent them. This was far too harsh.
- Fix the torify (tsocks) config file to not use Tor for localhost
connections.
o Minor features:
- Write the TorVersion into the state file so we have a prayer of
keeping forward and backward compatibility.
- Revive the FascistFirewall config option rather than eliminating it:
now it's a synonym for ReachableAddresses *:80,*:443.
- Clients choose directory servers from the network status lists,
not from their internal list of router descriptors. Now we can
go to caches directly rather than needing to go to authorities
to bootstrap.
- Directory authorities ignore router descriptors that have only
cosmetic differences: do this for 0.1.0.x servers now too.
- Add a new flag to network-status indicating whether the server
can answer v2 directory requests too.
- Authdirs now stop whining so loudly about bad descriptors that
they fetch from other dirservers. now when there's a log complaint,
it's for sure from a freshly uploaded descriptor.
- Reduce memory requirements in our structs by changing the order
of fields.
- There used to be two ways to specify your listening ports in a
server descriptor: on the "router" line and with a separate "ports"
line. Remove support for the "ports" line.
- New config option "AuthDirRejectUnlisted" for auth dirservers as
a panic button: if we get flooded with unusable servers we can
revert to only listing servers in the approved-routers file.
- Auth dir servers can also mark a fingerprint as "!reject" or
"!invalid" in the approved-routers file (as its nickname), to
refuse descriptors outright or include them but marked as invalid.
- Servers store bandwidth history across restarts/crashes.
Changes in version 0.1.1.10-alpha - 2005-12-11
o Correctness bugfixes on 0.1.0.x:
- On Windows, build with a libevent patch from "I-M Weasel" to avoid
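
Review bot: the entry-nodes item under "Major features" stops mid-sentence. It ends at "about which entry nodes you want to use most; and StrictEntryNodes" and the next line already starts the "- New directory logic" bullet, so what StrictEntryNodes does is never stated; finish that sentence before this becomes the release changelog. Separately, the smartlist integer-overflow item under "Minor fixes" closes with "I don't see any, but I haven't looked carefully." Since the item itself says the check could prevent a buffer overflow on malicious huge inputs, either say which call sites were checked or drop the aside, so operators can tell whether to treat this as a security-relevant upgrade. Minor style point in the same section: "now do that." and "now when there's a log complaint" start sentences in lowercase.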