[tor-commits] [tor/master] fold in changes for 0.2.4.10-alpha
arma at torproject.org
arma at torproject.org
Mon Feb 4 22:06:52 UTC 2013
commit 03bdb4d5cef676a4332e7982d004afe4ff9110c1
Author: Roger Dingledine <arma at torproject.org>
Date: Mon Feb 4 17:06:01 2013 -0500
fold in changes for 0.2.4.10-alpha
---
ChangeLog | 138 ++++++++++++++++++++++++++++++++++++++++++-
changes/4664 | 4 -
changes/7304 | 7 --
changes/bug5823 | 5 --
changes/bug6826 | 5 --
changes/bug7115 | 4 -
changes/bug7708 | 5 --
changes/bug7802 | 11 ----
changes/bug7889 | 8 ---
changes/bug7896 | 3 -
changes/bug7972 | 5 --
changes/bug8093 | 4 -
changes/bug8146_etc | 13 ----
changes/bug8153 | 3 -
changes/build_with_msvc | 4 -
changes/double-0-check | 8 ---
changes/feature5956 | 8 ---
changes/feature7706 | 9 ---
changes/msvc | 6 --
changes/proposal204 | 5 --
changes/rename5285 | 2 -
changes/rename_log_7599 | 4 -
changes/rename_queue_macros | 6 --
changes/timed_onionqueue | 11 ----
24 files changed, 137 insertions(+), 141 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 7c5a490..0ed7f56 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,140 @@
-Changes in version 0.2.4.10-alpha - 2013-0?-??
+Changes in version 0.2.4.10-alpha - 2013-02-04
+ Tor 0.2.4.10-alpha adds defenses at the directory authority level from
+ certain attacks that flood the network with relays; changes the queue
+ for circuit create requests from a sized-based limit to a time-based
+ limit; resumes building with MSVC on Windows; and fixes a wide variety
+ of other issues.
+
+ o Major bugfixes (directory authority):
+ - When computing directory thresholds, ignore any rejected-as-sybil
+ nodes during the computation so that they can't influence Fast,
+ Guard, etc. (We shoud have done this for proposal 109.) Fixes
+ bug 8146.
+ - When marking a node as a likely sybil, reset its uptime metrics
+ to zero, so that it cannot time towards getting marked as Guard,
+ Stable, or HSDir. (We shoud have done this for proposal 109.) Fixes
+ bug 8147.
+
+ o Major bugfixes:
+ - When a TLS write is partially successful but incomplete, remember
+ that the flushed part has been flushed, and notice that bytes were
+ actually written. Reported and fixed pseudonymously. Fixes bug
+ 7708; bugfix on Tor 0.1.0.5-rc.
+ - Reject bogus create and relay cells with 0 circuit ID or 0 stream
+ ID: these could be used to create unexpected streams and circuits
+ which would count as "present" to some parts of Tor but "absent"
+ to others, leading to zombie circuits and streams or to a bandwidth
+ denial-of-service. Fixes bug 7889; bugfix on every released version
+ of Tor. Reported by "oftc_must_be_destroyed".
+ - Rename all macros in our local copy of queue.h to begin with "TOR_".
+ This change seems the only good way to permanently prevent conflicts
+ with queue.h on various operating systems. Fixes bug 8107; bugfix
+ on 0.2.4.6-alpha.
+
+ o Major features (relay):
+ - Instead of limiting the number of queued onionskins (aka circuit
+ create requests) to a fixed, hard-to-configure number, we limit
+ the size of the queue based on how many we expect to be able to
+ process in a given amount of time. We estimate the time it will
+ take to process an onionskin based on average processing time
+ of previous onionskins. Closes ticket 7291. You'll never have to
+ configure MaxOnionsPending again.
+
+ o Major features (portability):
+ - Resume building correctly with MSVC and Makefile.nmake. This patch
+ resolves numerous bugs and fixes reported by ultramage, including
+ 7305, 7308, 7309, 7310, 7312, 7313, 7315, 7316, and 7669.
+ - Make the ntor and curve25519 code build correctly with MSVC.
+ Fix on 0.2.4.8-alpha.
+
+ o Minor features:
+ - When directory authorities are computing thresholds for flags,
+ never let the threshold for the Fast flag fall below 4096
+ bytes. Also, do not consider nodes with extremely low bandwidths
+ when deciding thresholds for various directory flags. This change
+ should raise our threshold for Fast relays, possibly in turn
+ improving overall network performance; see ticket 1854. Resolves
+ ticket 8145.
+ - The Tor client now ignores sub-domain components of a .onion
+ address. This change makes HTTP "virtual" hosting
+ possible: http://foo.aaaaaaaaaaaaaaaa.onion/ and
+ http://bar.aaaaaaaaaaaaaaaa.onion/ can be two different websites
+ hosted on the same hidden service. Implements proposal 204.
+ - We compute the overhead from passing onionskins back and forth to
+ cpuworkers, and report it when dumping statistics in response to
+ SIGUSR1. Supports ticket 7291.
+
+ o Minor features (path selection):
+ - When deciding whether we have enough descriptors to build circuits,
+ instead of looking at raw relay counts, look at which fraction
+ of (bandwidth-weighted) paths we're able to build. This approach
+ keeps clients from building circuits if their paths are likely to
+ stand out statistically. The default fraction of paths needed is
+ taken from the consensus directory; you can override it with the
+ new PathsNeededToBuildCircuits option. Fixes ticket 5956.
+ - When any country code is listed in ExcludeNodes or ExcludeExitNodes,
+ and we have GeoIP information, also exclude all nodes with unknown
+ countries "??" and "A1". This behavior is controlled by the
+ new GeoIPExcludeUnknown option: you can make such nodes always
+ excluded with "GeoIPExcludeUnknown 1", and disable the feature
+ with "GeoIPExcludeUnknown 0". Setting "GeoIPExcludeUnknown auto"
+ gets you the default behavior. Implements feature 7706.
+ - Path Use Bias: Perform separate accounting for successful circuit
+ use. Keep separate statistics on stream attempt rates versus stream
+ success rates for each guard. Provide configurable thresholds to
+ determine when to emit log messages or disable use of guards that
+ fail too many stream attempts. Resolves ticket 7802.
+
+ o Minor features (log messages):
+ - When learning a fingerprint for a bridge, log its corresponding
+ transport type. Implements ticket 7896.
+ - Improve the log message when "Bug/attack: unexpected sendme cell
+ from client" occurs, to help us track bug 8093.
+
+ o Minor bugfixes:
+ - Remove a couple of extraneous semicolons that were upsetting the
+ cparser library. Patch by Christian Grothoff. Fixes bug 7115;
+ bugfix on 0.2.2.1-alpha.
+ - Remove a source of rounding error during path bias count scaling;
+ don't count cannibalized circuits as used for path bias until we
+ actually try to use them; and fix a circuit_package_relay_cell()
+ warning message about n_chan==NULL. Fixes bug 7802.
+ - Detect nacl when its headers are in a nacl/ subdirectory. Also,
+ actually link against nacl when we're configured to use it. Fixes
+ bug 7972; bugfix on 0.2.4.8-alpha.
+ - Compile correctly with the --disable-curve25519 option. Fixes
+ bug 8153; bugfix on 0.2.4.8-alpha.
+
+ o Build improvements:
+ - Do not report status verbosely from autogen.sh unless the -v flag
+ is specified. Fixes issue 4664. Patch from Onizuka.
+ - Replace all calls to snprintf() outside of src/ext with
+ tor_snprintf(). Also remove the #define to replace snprintf with
+ _snprintf on Windows; they have different semantics, and all of
+ our callers should be using tor_snprintf() anyway. Fixes bug 7304.
+ - Try to detect if we are ever building on a platform where
+ memset(...,0,...) does not set the value of a double to 0.0. Such
+ platforms are permitted by the C standard, though in practice
+ they're pretty rare (since IEEE 754 is nigh-ubiquitous). We don't
+ currently support them, but it's better to detect them and fail
+ than to perform erroneously.
+
+ o Removed features:
+ - Stop exporting estimates of v2 and v3 directory traffic shares
+ in extrainfo documents. They were unneeded and sometimes inaccurate.
+ Also stop exporting any v2 directory request statistics. Resolves
+ ticket 5823.
+ - Drop support for detecting and warning about versions of Libevent
+ before 1.3e. Nothing reasonable ships with them any longer;
+ warning the user about them shouldn't be needed. Resolves ticket
+ 6826.
+
+ o Code simplifications and refactoring:
+ - Rename "isin" functions to "contains", for grammar. Resolves
+ ticket 5285.
+ - Rename Tor's logging function log() to tor_log(), to avoid conflicts
+ with the natural logarithm function from the system libm. Resolves
+ ticket 7599.
Changes in version 0.2.4.9-alpha - 2013-01-15
diff --git a/changes/4664 b/changes/4664
deleted file mode 100644
index eb81da9..0000000
--- a/changes/4664
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (build):
- - Do not report status verbosely from autogen.sh unless the -v flag
- is specified. Fixes issue 4664. Patch from Onizuka.
-
diff --git a/changes/7304 b/changes/7304
deleted file mode 100644
index bfb797b..0000000
--- a/changes/7304
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes:
- - Replace all calls to snprintf outside of src/ext with tor_snprintf.
- Fix for bug 7304.
- o Code simplification and refactoring:
- - Remove the #define to replace snprintf with _snprintf on windows;
- they have different semantics, and all of our callers should be
- using tor_snprintf anyway. Partial fix for bug 7304.
diff --git a/changes/bug5823 b/changes/bug5823
deleted file mode 100644
index d76b590..0000000
--- a/changes/bug5823
+++ /dev/null
@@ -1,5 +0,0 @@
- o Removed featurs:
- - Stop exporting estimates of v2 and v3 directory traffic shares
- in extrainfo documents. They were unneeded and sometimes inaccurate.
- Also stop exporting any v2 directory request statistics. Resolves
- ticket 5823.
diff --git a/changes/bug6826 b/changes/bug6826
deleted file mode 100644
index 6eba19b..0000000
--- a/changes/bug6826
+++ /dev/null
@@ -1,5 +0,0 @@
- o Removed features:
- - Drop support for detecting and warning about versions of Libevent
- before 1.3e. Nothing reasonable ships with them any longer;
- warning the user about them shouldn't be needed. Resolves ticket
- 6826.
diff --git a/changes/bug7115 b/changes/bug7115
deleted file mode 100644
index 976b9a9..0000000
--- a/changes/bug7115
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (portability)
- - Remove a couple of extraneous semicolos that were upsetting the
- cparser library. Patch by Christian Grothoff. Fixes bug 7115;
- bugfix on 0.2.2.1-alpha.
diff --git a/changes/bug7708 b/changes/bug7708
deleted file mode 100644
index e272adf..0000000
--- a/changes/bug7708
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes:
- - When a TLS write is partially successful but incomplete, remember
- that the flushed part has been flushed, and notice that bytes were
- actually written. Reported and fixed pseudonymously. Fixes bug
- 7708; bugfix on Tor 0.1.0.5-rc.
diff --git a/changes/bug7802 b/changes/bug7802
deleted file mode 100644
index 9bc0f36..0000000
--- a/changes/bug7802
+++ /dev/null
@@ -1,11 +0,0 @@
- o Minor features:
- - Path Use Bias: Perform separate accounting for successful circuit use.
- Separate statistics on stream attempt versus success rates are kept
- for each guard. Configurable thresholds are provided to determine
- when to emit log messages or disable use of guards that fail too
- many stream attempts.
- o Minor bugfixes:
- - Remove a source of rounding error during path bias count scaling.
- - Don't count cannibalized circuits as used for path bias until we
- actually try to use them.
- - Fix circuit_package_relay_cell warning message about n_chan==NULL.
diff --git a/changes/bug7889 b/changes/bug7889
deleted file mode 100644
index ce99a59..0000000
--- a/changes/bug7889
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes:
- - Reject bogus create and relay cells with 0 circuit ID or 0 stream
- ID: these could be used to create unexpected streams and circuits
- which would count as "present" to some parts of Tor but "absent"
- to others, leading to zombie circuits and streams or to a
- bandwidth DOS. Fixes bug 7889; bugfix on every released version of
- Tor. Reported by "oftc_must_be_destroyed".
-
diff --git a/changes/bug7896 b/changes/bug7896
deleted file mode 100644
index 9eecaa6..0000000
--- a/changes/bug7896
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - When learning a fingerprint for a bridge, log its corresponding
- transport type. Implements ticket 7896.
diff --git a/changes/bug7972 b/changes/bug7972
deleted file mode 100644
index 6e1fce6..0000000
--- a/changes/bug7972
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Detect nacl when its headers are in a nacl/ subdirectory. Fixes bug
- 7972; bugfix on 0.2.4.8-alpha.
- - Actually link against nacl when we're configured to use it. Fixes bug
- 7972; bugfix on 0.2.4.8-alpha.
diff --git a/changes/bug8093 b/changes/bug8093
deleted file mode 100644
index cbddfd9..0000000
--- a/changes/bug8093
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Improve the log message when "Bug/attack: unexpected sendme cell
- from client" occurs, to help us track bug 8093.
-
diff --git a/changes/bug8146_etc b/changes/bug8146_etc
deleted file mode 100644
index 173ea3b..0000000
--- a/changes/bug8146_etc
+++ /dev/null
@@ -1,13 +0,0 @@
- o Major bugfixes (security, directory authority):
- - When computing directory thresholds, ignore any rejected-as-sybil
- nodes during the computation so that they can't influence Fast,
- Guard, etc. Fixes bug 8146.
-
- - When computing thresholds for flags, never let the threshold for
- the Fast flag to 4096 bytes. Fixes bug 8145.
- - Do not consider nodes with extremely low bandwidths when deciding
- thresholds for various directory flags. Another fix for 8145.
-
- - When marking a node as a likely sybil, reset its uptime metrics
- to zero, so that it cannot time towards getting marked as Guard,
- Stable, or HSDir. Fix for bug 8147.
diff --git a/changes/bug8153 b/changes/bug8153
deleted file mode 100644
index 9178f25..0000000
--- a/changes/bug8153
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Compile correctly with the --disable-curve25519 option. Fix for
- bug 8153; bugfix on 0.2.4.8-alpha.
diff --git a/changes/build_with_msvc b/changes/build_with_msvc
deleted file mode 100644
index 8da0c92..0000000
--- a/changes/build_with_msvc
+++ /dev/null
@@ -1,4 +0,0 @@
- o Features (portability):
- - Build correctly with MSVC and Makefile.nmake. This resolves
- numerous bugs and fixes reported by ultramage, including 7305,
- 7308, 7309, 7310, 7312, 7313, 7315, 7316, and 7669.
diff --git a/changes/double-0-check b/changes/double-0-check
deleted file mode 100644
index 74554cd..0000000
--- a/changes/double-0-check
+++ /dev/null
@@ -1,8 +0,0 @@
- o Build improvements (bizarre platform detection):
- - Try to detect it if we are ever building on a platform where
- memset(...,0,...) does not set the value of a double to 0.0. Such
- platforms are permitted by the C standard, though in practice
- they're pretty rare (since IEEE 754 is nigh-ubiquitous). We don't
- currently support them, but it's better to detect them and fail
- than to perform erroneously.
-
diff --git a/changes/enum_bitfield b/changes/enum_bitfield
deleted file mode 100644
index e69de29..0000000
diff --git a/changes/feature5956 b/changes/feature5956
deleted file mode 100644
index 2e18810..0000000
--- a/changes/feature5956
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major features:
- - When deciding whether we have enough descriptors to build circuits,
- instead of looking at raw circuit counts, look at which fraction of
- (bandwidth-weighted) paths we're able to build. This approach keeps
- clients from building circuits if their paths are likely to stand out
- statistically. The default fraction of paths needed is taken from the
- consensus directory; you can override it with the new
- PathsNeededToBuildCircuits option. Fixes issue 5956.
diff --git a/changes/feature7706 b/changes/feature7706
deleted file mode 100644
index 69b91a6..0000000
--- a/changes/feature7706
+++ /dev/null
@@ -1,9 +0,0 @@
- o Minor features:
- - When any country code is listed in ExcludeNodes or
- ExcludeExitNodes, and we have GeoIP information, also exclude
- all nodes with unknown countries ({??} and {A1} if
- present). This behavior is controlled by the new
- GeoIPExcludeUnknown option: you can make such nodes always
- excluded with 'GeoIPExcludeUnknown 1', and disable the feature
- with 'GeoIPExcludeUnknown 0'. Setting 'GeoIPExcludeUnknown auto'
- gets you the default behavior. Implements feature 7706.
diff --git a/changes/msvc b/changes/msvc
deleted file mode 100644
index 1ae92e3..0000000
--- a/changes/msvc
+++ /dev/null
@@ -1,6 +0,0 @@
- o Build fixes (MSVC):
- - Correctly define HAVE_EVENT_BASE_LOOPEXIT, since we only build
- with MSVC when using Libevent 2.0 or later. Fixes bug 7308.
- Reported by "ultramage".
- - Make the ntor and curve25519 code build correctly with MSVC.
- Fix on 0.2.4.8-alpha.
diff --git a/changes/proposal204 b/changes/proposal204
deleted file mode 100644
index 4c1854b..0000000
--- a/changes/proposal204
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features:
- - Ignore sub-domain components of a .onion address. This makes HTTP "virtual"
- hosting possible: http://foo.aaaaaaaaaaaaaaaa.onion/ and
- http//bar.aaaaaaaaaaaaaaaa.onion/ can be two different websites hosted at
- the same location. Implements proposal 204.
diff --git a/changes/rename5285 b/changes/rename5285
deleted file mode 100644
index 26ec976..0000000
--- a/changes/rename5285
+++ /dev/null
@@ -1,2 +0,0 @@
- o Code simplifications and refactoring:
- - Rename "isin" functions to "contains", for grammar. Fixes ticket 5285.
diff --git a/changes/rename_log_7599 b/changes/rename_log_7599
deleted file mode 100644
index 38e843f..0000000
--- a/changes/rename_log_7599
+++ /dev/null
@@ -1,4 +0,0 @@
- o Code simplification and refactoring:
- - Rename Tor's logging function log() to tor_log(), to avoid conflicts
- with the natural logarithm function from the system libm. Resolves
- ticket 7599.
diff --git a/changes/rename_queue_macros b/changes/rename_queue_macros
deleted file mode 100644
index 29373ac..0000000
--- a/changes/rename_queue_macros
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes:
- - Rename all macros in our local copy of queue.h to begin with TOR_;
- this seems the only good way to permanently prevent conflicts
- with queue.h on various operating systems. Fixes bug 8107; bugfix on
- 0.2.4.6-alpha.
-
diff --git a/changes/timed_onionqueue b/changes/timed_onionqueue
deleted file mode 100644
index fe54d78..0000000
--- a/changes/timed_onionqueue
+++ /dev/null
@@ -1,11 +0,0 @@
- o Minor features (relay):
- - Instead of limiting the number of queued onionskins to a configured,
- hard-to-configure number, we limit the size of the queue based on how
- many we expect to be able to process in a given amount of time. We
- estimate the time it will take to process an onionskin based on average
- processing time of previous onionskins. Closes ticket 7291. You'll
- never have to configure MaxOnionsPending again.
-
- - We compute the overhead from passing onionskins back and forth to
- cpuworkers, and report it when dumping statistics in response to
- SIGUSR1.
More information about the tor-commits
mailing list