commit b5f2b449ee590f9b1597ab2277a867a3edcf4b8f Author: Roger Dingledine arma@torproject.org Date: Tue Mar 8 18:59:48 2011 -0500

forward-port the 0.2.2.23-alpha changelog --- ChangeLog | 139 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 139 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog index fe5403f..bfa634c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,142 @@ +Changes in version 0.2.2.23-alpha - 2011-03-08 + Tor 0.2.2.23-alpha lets relays record their bandwidth history so when + they restart they don't lose their bandwidth capacity estimate. This + release also fixes a diverse set of user-facing bugs, ranging from + relays overrunning their rate limiting to clients falsely warning about + clock skew to bridge descriptor leaks by our bridge directory authority. + + o Major bugfixes: + - Stop sending a CLOCK_SKEW controller status event whenever + we fetch directory information from a relay that has a wrong clock. + Instead, only inform the controller when it's a trusted authority + that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes + the rest of bug 1074. + - Fix an assert in parsing router descriptors containing IPv6 + addresses. This one took down the directory authorities when + somebody tried some experimental code. Bugfix on 0.2.1.3-alpha. + - Make the bridge directory authority refuse to answer directory + requests for "all" descriptors. It used to include bridge + descriptors in its answer, which was a major information leak. + Found by "piebeer". Bugfix on 0.2.0.3-alpha. + - If relays set RelayBandwidthBurst but not RelayBandwidthRate, + Tor would ignore their RelayBandwidthBurst setting, + potentially using more bandwidth than expected. Bugfix on + 0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470. + - Ignore and warn if the user mistakenly sets "PublishServerDescriptor + hidserv" in her torrc. The 'hidserv' argument never controlled + publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha. + + o Major features: + - Relays now save observed peak bandwidth throughput rates to their + state file (along with total usage, which was already saved) + so that they can determine their correct estimated bandwidth on + restart. Resolves bug 1863, where Tor relays would reset their + estimated bandwidth to 0 after restarting. + - Directory authorities now take changes in router IP address and + ORPort into account when determining router stability. Previously, + if a router changed its IP or ORPort, the authorities would not + treat it as having any downtime for the purposes of stability + calculation, whereas clients would experience downtime since the + change could take a while to propagate to them. Resolves issue 1035. + - Enable Address Space Layout Randomization (ASLR) and Data Execution + Prevention (DEP) by default on Windows to make it harder for + attackers to exploit vulnerabilities. Patch from John Brooks. + + o Minor bugfixes (on 0.2.1.x and earlier): + - Fix a rare crash bug that could occur when a client was configured + with a large number of bridges. Fixes bug 2629; bugfix on + 0.2.1.2-alpha. Bugfix by trac user "shitlei". + - Avoid a double mark-for-free warning when failing to attach a + transparent proxy connection. Bugfix on 0.1.2.1-alpha. Fixes + bug 2279. + - Correctly detect failure to allocate an OpenSSL BIO. Fixes bug 2378; + found by "cypherpunks". This bug was introduced before the first + Tor release, in svn commit r110. + - Country codes aren't supported in EntryNodes until 0.2.3.x, so + don't mention them in the manpage. Fixes bug 2450; issue + spotted by keb and G-Lo. + - Fix a bug in bandwidth history state parsing that could have been + triggered if a future version of Tor ever changed the timing + granularity at which bandwidth history is measured. Bugfix on + Tor 0.1.1.11-alpha. + - When a relay decides that its DNS is too broken for it to serve + as an exit server, it advertised itself as a non-exit, but + continued to act as an exit. This could create accidental + partitioning opportunities for users. Instead, if a relay is + going to advertise reject *:* as its exit policy, it should + really act with exit policy "reject *:*". Fixes bug 2366. + Bugfix on Tor 0.1.2.5-alpha. Bugfix by user "postman" on trac. + - In the special case where you configure a public exit relay as your + bridge, Tor would be willing to use that exit relay as the last + hop in your circuit as well. Now we fail that circuit instead. + Bugfix on 0.2.0.12-alpha. Fixes bug 2403. Reported by "piebeer". + - Fix a bug with our locking implementation on Windows that couldn't + correctly detect when a file was already locked. Fixes bug 2504, + bugfix on 0.2.1.6-alpha. + - Fix IPv6-related connect() failures on some platforms (BSD, OS X). + Bugfix on 0.2.0.3-alpha; fixes first part of bug 2660. Patch by + "piebeer". + - Set target port in get_interface_address6() correctly. Bugfix + on 0.1.1.4-alpha and 0.2.0.3-alpha; fixes second part of bug 2660. + - Directory authorities are now more robust to hops back in time + when calculating router stability. Previously, if a run of uptime + or downtime appeared to be negative, the calculation could give + incorrect results. Bugfix on 0.2.0.6-alpha; noticed when fixing + bug 1035. + - Fix an assert that got triggered when using the TestingTorNetwork + configuration option and then issuing a GETINFO config-text control + command. Fixes bug 2250; bugfix on 0.2.1.2-alpha. + + o Minor bugfixes (on 0.2.2.x): + - Clients should not weight BadExit nodes as Exits in their node + selection. Similarly, directory authorities should not count BadExit + bandwidth as Exit bandwidth when computing bandwidth-weights. + Bugfix on 0.2.2.10-alpha; fixes bug 2203. + - Correctly clear our dir_read/dir_write history when there is an + error parsing any bw history value from the state file. Bugfix on + Tor 0.2.2.15-alpha. + - Resolve a bug in verifying signatures of directory objects + with digests longer than SHA1. Bugfix on 0.2.2.20-alpha. + Fixes bug 2409. Found by "piebeer". + - Bridge authorities no longer crash on SIGHUP when they try to + publish their relay descriptor to themselves. Fixes bug 2572. Bugfix + on 0.2.2.22-alpha. + + o Minor features: + - Log less aggressively about circuit timeout changes, and improve + some other circuit timeout messages. Resolves bug 2004. + - Log a little more clearly about the times at which we're no longer + accepting new connections. Resolves bug 2181. + - Reject attempts at the client side to open connections to private + IP addresses (like 127.0.0.1, 10.0.0.1, and so on) with + a randomly chosen exit node. Attempts to do so are always + ill-defined, generally prevented by exit policies, and usually + in error. This will also help to detect loops in transparent + proxy configurations. You can disable this feature by setting + "ClientRejectInternalAddresses 0" in your torrc. + - Always treat failure to allocate an RSA key as an unrecoverable + allocation error. + - Update to the March 1 2011 Maxmind GeoLite Country database. + + o Minor features (log subsystem): + - Add documentation for configuring logging at different severities in + different log domains. We've had this feature since 0.2.1.1-alpha, + but for some reason it never made it into the manpage. Fixes + bug 2215. + - Make it simpler to specify "All log domains except for A and B". + Previously you needed to say "[*,~A,~B]". Now you can just say + "[~A,~B]". + - Add a "LogMessageDomains 1" option to include the domains of log + messages along with the messages. Without this, there's no way + to use log domains without reading the source or doing a lot + of guessing. + + o Packaging changes: + - Stop shipping the Tor specs files and development proposal documents + in the tarball. They are now in a separate git repository at + git://git.torproject.org/torspec.git + + Changes in version 0.2.2.22-alpha - 2011-01-25 Tor 0.2.2.22-alpha fixes a few more less-critical security issues. The main other change is a slight tweak to Tor's TLS handshake that makes