[tor-talk] Tor is out

Roger Dingledine arma at mit.edu
Sun Sep 4 05:47:49 UTC 2011

Tor adds a new "stream isolation" feature to improve Tor's
security, and provides client-side support for the microdescriptor
and optimistic data features introduced earlier in the 0.2.3.x
series. It also includes numerous critical bugfixes in the (optional)
bufferevent-based networking backend.


Packages for 0.2.3.x aren't up yet, but hopefully they'll be up in a
few days.

Changes in version - 2011-09-01
  o Major features (stream isolation):
    - You can now configure Tor so that streams from different
      applications are isolated on different circuits, to prevent an
      attacker who sees your streams as they leave an exit node from
      linking your sessions to one another. To do this, choose some way
      to distinguish the applications: have them connect to different
      SocksPorts, or have one of them use SOCKS4 while the other uses
      SOCKS5, or have them pass different authentication strings to the
      SOCKS proxy. Then, use the new SocksPort syntax to configure the
      degree of isolation you need. This implements Proposal 171.
    - There's a new syntax for specifying multiple client ports (such as
      SOCKSPort, TransPort, DNSPort, NATDPort): you can now just declare
      multiple *Port entries with full addr:port syntax on each.
      The old *ListenAddress format is still supported, but you can't
      mix it with the new *Port syntax.

  o Major features (other):
    - Enable microdescriptor fetching by default for clients. This allows
      clients to download a much smaller amount of directory information.
      To disable it (and go back to the old-style consensus and
      descriptors), set "UseMicrodescriptors 0" in your torrc file.
    - Tor's firewall-helper feature, introduced in (see the
      "PortForwarding" config option), now supports Windows.
    - When using an exit relay running 0.2.3.x, clients can now
      "optimistically" send data before the exit relay reports that
      the stream has opened. This saves a round trip when starting
      connections where the client speaks first (such as web browsing).
      This behavior is controlled by a consensus parameter (currently
      disabled). To turn it on or off manually, use the "OptimisticData"
      torrc option. Implements proposal 181; code by Ian Goldberg.

  o Major bugfixes (bufferevents, fixes on
    - When using IOCP on Windows, we need to enable Libevent windows
      threading support.
    - The IOCP backend now works even when the user has not specified
      the (internal, debugging-only) _UseFilteringSSLBufferevents option.
      Fixes part of bug 3752.
    - Correctly record the bytes we've read and written when using
      bufferevents, so that we can include them in our bandwidth history
      and advertised bandwidth. Fixes bug 3803.
    - Apply rate-limiting only at the bottom of a chain of filtering
      bufferevents. This prevents us from filling up internal read
      buffers and violating rate-limits when filtering bufferevents
      are enabled. Fixes part of bug 3804.
    - Add high-watermarks to the output buffers for filtered
      bufferevents. This prevents us from filling up internal write
      buffers and wasting CPU cycles when filtering bufferevents are
      enabled. Fixes part of bug 3804.
    - Correctly notice when data has been written from a bufferevent
      without flushing it completely. Fixes bug 3805.
    - Fix a bug where server-side tunneled bufferevent-based directory
      streams would get closed prematurely. Fixes bug 3814.
    - Fix a use-after-free error with per-connection rate-limiting
      buckets. Fixes bug 3888.

  o Major bugfixes (also part of
    - If we're configured to write our ControlPorts to disk, only write
      them after switching UID and creating the data directory. This way,
      we don't fail when starting up with a nonexistent DataDirectory
      and a ControlPortWriteToFile setting based on that directory. Fixes
      bug 3747; bugfix on Tor

  o Minor features:
    - Added a new CONF_CHANGED event so that controllers can be notified
      of any configuration changes made by other controllers, or by the
      user. Implements ticket 1692.
    - Use evbuffer_copyout() in inspect_evbuffer(). This fixes a memory
      leak when using bufferevents, and lets Libevent worry about how to
      best copy data out of a buffer.
    - Replace files in stats/ rather than appending to them. Now that we
      include statistics in extra-info descriptors, it makes no sense to
      keep old statistics forever. Implements ticket 2930.

  o Minor features (build compatibility):
    - Limited, experimental support for building with nmake and MSVC.
    - Provide a substitute implementation of lround() for MSVC, which
      apparently lacks it. Patch from Gisle Vanem.

  o Minor features (also part of
    - Update to the August 2 2011 Maxmind GeoLite Country database.

  o Minor bugfixes (on 0.2.3.x-alpha):
    - Fix a spurious warning when parsing SOCKS requests with
      bufferevents enabled. Fixes bug 3615; bugfix on
    - Get rid of a harmless warning that could happen on relays running
      with bufferevents. The warning was caused by someone doing an http
      request to a relay's orport. Also don't warn for a few related
      non-errors. Fixes bug 3700; bugfix on

  o Minor bugfixes (on 2.2.x and earlier):
    - Correct the man page to explain that HashedControlPassword and
      CookieAuthentication can both be set, in which case either method
      is sufficient to authenticate to Tor. Bugfix on,
      when we decided to allow these config options to both be set. Issue
      raised by bug 3898.
    - The "--quiet" and "--hush" options now apply not only to Tor's
      behavior before logs are configured, but also to Tor's behavior in
      the absense of configured logs. Fixes bug 3550; bugfix on

  o Minor bugfixes (also part of
    - Write several files in text mode, on OSes that distinguish text
      mode from binary mode (namely, Windows). These files are:
      'buffer-stats', 'dirreq-stats', and 'entry-stats' on relays
      that collect those statistics; 'client_keys' and 'hostname' for
      hidden services that use authentication; and (in the tor-gencert
      utility) newly generated identity and signing keys. Previously,
      we wouldn't specify text mode or binary mode, leading to an
      assertion failure. Fixes bug 3607. Bugfix on (when
      the DirRecordUsageByCountry option which would have triggered
      the assertion failure was added), although this assertion failure
      would have occurred in tor-gencert on Windows in
    - Selectively disable deprecation warnings on OS X because Lion
      started deprecating the shipped copy of openssl. Fixes bug 3643.
    - Remove an extra pair of quotation marks around the error
      message in control-port STATUS_GENERAL BUG events. Bugfix on; fixes bug 3732.
    - When unable to format an address as a string, report its value
      as "???" rather than reusing the last formatted address. Bugfix

  o Code simplifications and refactoring:
    - Rewrite the listener-selection logic so that parsing which ports
      we want to listen on is now separate from binding to the ports
      we want.

  o Build changes:
    - Building Tor with bufferevent support now requires Libevent
      2.0.13-stable or later. Previous versions of Libevent had bugs in
      SSL-related bufferevents and related issues that would make Tor
      work badly with bufferevents. Requiring 2.0.13-stable also allows
      Tor with bufferevents to take advantage of Libevent APIs
      introduced after 2.0.8-rc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110904/5819e3a3/attachment.pgp>

More information about the tor-talk mailing list