[e-privacy] Tor 0.1.2.6-alpha is out
Aureliano Rama
aure at telematikamente.com
Thu Jan 11 16:11:03 CET 2007
in effetti è già uscita anche la 0.1.2.6
----- Forwarded message -----
This is the sixth development snapshot for the 0.1.2.x series. It fixes
two server crash bugs in 0.1.2.5-alpha.
(Not all packages are up on the website yet, but they should be there
in the next day or two.)
http://tor.eff.org/download.html
Changes in version 0.1.2.6-alpha - 2007-01-09
o Major bugfixes:
- Fix an assert error introduced in 0.1.2.5-alpha: if a single TLS
connection handles more than 4 gigs in either direction, we crash.
- Fix an assert error introduced in 0.1.2.5-alpha: if we're an
advertised exit node, somebody might try to exit from us when
we're bootstrapping and before we've built your descriptor yet.
Refuse the connection rather than crashing.
o Minor bugfixes:
- Warn if we (as a server) find that we've resolved an address that we
weren't planning to resolve.
- Warn that using select() on any libevent version before 1.1 will be
unnecessarily slow (even for select()).
- Flush ERR-level controller status events just like we currently
flush ERR-level log events, so that a Tor shutdown doesn't prevent
the controller from learning about current events.
o Minor features (more controller status events):
- Implement EXTERNAL_ADDRESS server status event so controllers can
learn when our address changes.
- Implement BAD_SERVER_DESCRIPTOR server status event so controllers
can learn when directories reject our descriptor.
- Implement SOCKS_UNKNOWN_PROTOCOL client status event so controllers
can learn when a client application is speaking a non-socks protocol
to our SocksPort.
- Implement DANGEROUS_SOCKS client status event so controllers
can learn when a client application is leaking DNS addresses.
- Implement BUG general status event so controllers can learn when
Tor is unhappy about its internal invariants.
- Implement CLOCK_SKEW general status event so controllers can learn
when Tor thinks the system clock is set incorrectly.
- Implement GOOD_SERVER_DESCRIPTOR and ACCEPTED_SERVER_DESCRIPTOR
server status events so controllers can learn when their descriptors
are accepted by a directory.
- Implement CHECKING_REACHABILITY and REACHABILITY_{SUCCEEDED|FAILED}
server status events so controllers can learn about Tor's progress in
deciding whether it's reachable from the outside.
- Implement BAD_LIBEVENT general status event so controllers can learn
when we have a version/method combination in libevent that needs to
be changed.
- Implement NAMESERVER_STATUS, NAMESERVER_ALL_DOWN, DNS_HIJACKED,
and DNS_USELESS server status events so controllers can learn
about changes to DNS server status.
o Minor features (directory):
- Authorities no longer recommend exits as guards if this would shift
too much load to the exit nodes.
> ----- Forwarded message -----
> Subject: Tor 0.1.2.5-alpha is out
> Date: Sun, 7 Jan 2007 04:11:39 -0500
> Reply-To: or-talk at freehaven.net
> This is the fifth development snapshot for the 0.1.2.x series. It enables
> write limiting by default, makes NT services more convenient and more
> correct, includes better detection for misbehaving DNS on servers,
> and a bunch of other features and bugfixes. It also ships with the new
> Vidalia 0.0.10 release.
> http://tor.eff.org/download.html
> Changes in version 0.1.2.5-alpha - 2007-01-06
> o Major features:
> - Enable write limiting as well as read limiting. Now we sacrifice
> capacity if we're pushing out lots of directory traffic, rather
> than overrunning the user's intended bandwidth limits.
> - Include TLS overhead when counting bandwidth usage; previously, we
> would count only the bytes sent over TLS, but not the bytes used
> to send them.
> - Support running the Tor service with a torrc not in the same
> directory as tor.exe and default to using the torrc located in
> the %appdata%\Tor\ of the user who installed the service. Patch
> from Matt Edman.
> - Servers now check for the case when common DNS requests are going to
> wildcarded addresses (i.e. all getting the same answer), and change
> their exit policy to reject *:* if it's happening.
> - Implement BEGIN_DIR cells, so we can connect to the directory
> server via TLS to do encrypted directory requests rather than
> plaintext. Enable via the TunnelDirConns and PreferTunneledDirConns
> config options if you like. This still needs more debugging before
> people other than developers should try it.
> o Minor features (config and docs):
> - Start using the state file to store bandwidth accounting data:
> the bw_accounting file is now obsolete. We'll keep generating it
> for a while for people who are still using 0.1.2.4-alpha.
> - Try to batch changes to the state file so that we do as few
> disk writes as possible while still storing important things in
> a timely fashion.
> - The state file and the bw_accounting file get saved less often when
> the AvoidDiskWrites config option is set.
> - Make PIDFile work on Windows (untested).
> - Add internal descriptions for a bunch of configuration options:
> accessible via controller interface and in comments in saved
> options files.
> - Reject *:563 (NNTPS) in the default exit policy. We already reject
> NNTP by default, so this seems like a sensible addition.
> - Clients now reject hostnames with invalid characters. This should
> avoid some inadvertent info leaks. Add an option
> AllowNonRFC953Hostnames to disable this behavior, in case somebody
> is running a private network with hosts called @, !, and #.
> - Add a maintainer script to tell us which options are missing
> documentation: "make check-docs".
> - Add a new address-spec.txt document to describe our special-case
> addresses: .exit, .onion, and .noconnnect.
> o Minor features (DNS):
> - Ongoing work on eventdns infrastructure: now it has dns server
> and ipv6 support. One day Tor will make use of it.
> - Add client-side caching for reverse DNS lookups.
> - Add support to tor-resolve tool for reverse lookups and SOCKS5.
> - When we change nameservers or IP addresses, reset and re-launch
> our tests for DNS hijacking.
> o Minor features (directory):
> - Authorities now specify server versions in networkstatus. This adds
> about 2% to the side of compressed networkstatus docs, and allows
> clients to tell which servers support BEGIN_DIR and which don't.
> The implementation is forward-compatible with a proposed future
> protocol version scheme not tied to Tor versions.
> - DirServer configuration lines now have an orport= option so
> clients can open encrypted tunnels to the authorities without
> having downloaded their descriptors yet. Enabled for moria1,
> moria2, tor26, and lefkada now in the default configuration.
> - Directory servers are more willing to send a 503 "busy" if they
> are near their write limit, especially for v1 directory requests.
> Now they can use their limited bandwidth for actual Tor traffic.
> - Clients track responses with status 503 from dirservers. After a
> dirserver has given us a 503, we try not to use it until an hour has
> gone by, or until we have no dirservers that haven't given us a 503.
> - When we get a 503 from a directory, and we're not a server, we don't
> count the failure against the total number of failures allowed
> for the thing we're trying to download.
> - Report X-Your-Address-Is correctly from tunneled directory
> connections; don't report X-Your-Address-Is when it's an internal
> address; and never believe reported remote addresses when they're
> internal.
> - Protect against an unlikely DoS attack on directory servers.
> - Add a BadDirectory flag to network status docs so that authorities
> can (eventually) tell clients about caches they believe to be
> broken.
> o Minor features (controller):
> - Have GETINFO dir/status/* work on hosts with DirPort disabled.
> - Reimplement GETINFO so that info/names stays in sync with the
> actual keys.
> - Implement "GETINFO fingerprint".
> - Implement "SETEVENTS GUARD" so controllers can get updates on
> entry guard status as it changes.
> o Minor features (clean up obsolete pieces):
> - Remove some options that have been deprecated since at least
> 0.1.0.x: AccountingMaxKB, LogFile, DebugLogFile, LogLevel, and
> SysLog. Use AccountingMax instead of AccountingMaxKB, and use Log
> to set log options.
> - We no longer look for identity and onion keys in "identity.key" and
> "onion.key" -- these were replaced by secret_id_key and
> secret_onion_key in 0.0.8pre1.
> - We no longer require unrecognized directory entries to be
> preceded by "opt".
> o Major bugfixes (security):
> - Stop sending the HttpProxyAuthenticator string to directory
> servers when directory connections are tunnelled through Tor.
> - Clients no longer store bandwidth history in the state file.
> - Do not log introduction points for hidden services if SafeLogging
> is set.
> - When generating bandwidth history, round down to the nearest
> 1k. When storing accounting data, round up to the nearest 1k.
> - When we're running as a server, remember when we last rotated onion
> keys, so that we will rotate keys once they're a week old even if
> we never stay up for a week ourselves.
> o Major bugfixes (other):
> - Fix a longstanding bug in eventdns that prevented the count of
> timed-out resolves from ever being reset. This bug caused us to
> give up on a nameserver the third time it timed out, and try it
> 10 seconds later... and to give up on it every time it timed out
> after that.
> - Take out the '5 second' timeout from the connection retry
> schedule. Now the first connect attempt will wait a full 10
> seconds before switching to a new circuit. Perhaps this will help
> a lot. Based on observations from Mike Perry.
> - Fix a bug on the Windows implementation of tor_mmap_file() that
> would prevent the cached-routers file from ever loading. Reported
> by John Kimble.
> o Minor bugfixes:
> - Fix an assert failure when a directory authority sets
> AuthDirRejectUnlisted and then receives a descriptor from an
> unlisted router. Reported by seeess.
> - Avoid a double-free when parsing malformed DirServer lines.
> - Fix a bug when a BSD-style PF socket is first used. Patch from
> Fabian Keil.
> - Fix a bug in 0.1.2.2-alpha that prevented clients from asking
> to resolve an address at a given exit node even when they ask for
> it by name.
> - Servers no longer ever list themselves in their "family" line,
> even if configured to do so. This makes it easier to configure
> family lists conveniently.
> - When running as a server, don't fall back to 127.0.0.1 when no
> nameservers are configured in /etc/resolv.conf; instead, make the
> user fix resolv.conf or specify nameservers explicitly. (Resolves
> bug 363.)
> - Stop accepting certain malformed ports in configured exit policies.
> - Don't re-write the fingerprint file every restart, unless it has
> changed.
> - Stop warning when a single nameserver fails: only warn when _all_ of
> our nameservers have failed. Also, when we only have one nameserver,
> raise the threshold for deciding that the nameserver is dead.
> - Directory authorities now only decide that routers are reachable
> if their identity keys are as expected.
> - When the user uses bad syntax in the Log config line, stop
> suggesting other bad syntax as a replacement.
> - Correctly detect ipv6 DNS capability on OpenBSD.
> o Minor bugfixes (controller):
> - Report the circuit number correctly in STREAM CLOSED events. Bug
> reported by Mike Perry.
> - Do not report bizarre values for results of accounting GETINFOs
> when the last second's write or read exceeds the allotted bandwidth.
> - Report "unrecognized key" rather than an empty string when the
> controller tries to fetch a networkstatus that doesn't exist.
More information about the E-privacy
mailing list