Tor 0.2.1.10-alpha released

by phobos | January 10, 2009

Tor 0.2.1.10-alpha fixes two major bugs in bridge relays (one that would
make the bridge relay not so useful if it had DirPort set to 0, and one
that could let an attacker learn a little bit of information about the
bridge's users), and a bug that would cause your Tor relay to ignore a
circuit create request it can't decrypt (rather than reply with an error).
It also fixes a wide variety of other bugs.

https://sedvblmbog.tudasnich.de/download.html.en

Changes in version 0.2.1.10-alpha - 2009-01-06
Major bugfixes:

  • If the cached networkstatus consensus is more than five days old,
    discard it rather than trying to use it. In theory it could
    be useful because it lists alternate directory mirrors, but in
    practice it just means we spend many minutes trying directory
    mirrors that are long gone from the network. Helps bug 887 a bit;
    bugfix on 0.2.0.x.
  • Bridge relays that had DirPort set to 0 would stop fetching
    descriptors shortly after startup, and then briefly resume
    after a new bandwidth test and/or after publishing a new bridge
    descriptor. Bridge users that try to bootstrap from them would
    get a recent networkstatus but would get descriptors from up to
    18 hours earlier, meaning most of the descriptors were obsolete
    already. Reported by Tas; bugfix on 0.2.0.13-alpha.
  • Prevent bridge relays from serving their 'extrainfo' document
    to anybody who asks, now that extrainfo docs include potentially
    sensitive aggregated client geoip summaries. Bugfix on
    0.2.0.13-alpha.

Minor features:

  • New controller event "clients_seen" to report a geoip-based summary
    of which countries we've seen clients from recently. Now controllers
    like Vidalia can show bridge operators that they're actually making
    a difference.
  • Build correctly against versions of OpenSSL 0.9.8 or later built
    without support for deprecated functions.
    - Update to the "December 19 2008" ip-to-country file.

Minor bugfixes (on 0.2.0.x):

  • Authorities now vote for the Stable flag for any router whose
    weighted MTBF is at least 5 days, regardless of the mean MTBF.
  • Do not remove routers as too old if we do not have any consensus
    document. Bugfix on 0.2.0.7-alpha.
  • Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
    Spec conformance issue. Bugfix on Tor 0.0.2pre27.
  • When an exit relay resolves a stream address to a local IP address,
    do not just keep retrying that same exit relay over and
    over. Instead, just close the stream. Addresses bug 872. Bugfix
    on 0.2.0.32. Patch from rovv.
  • If a hidden service sends us an END cell, do not consider
    retrying the connection; just close it. Patch from rovv.
  • When we made bridge authorities stop serving bridge descriptors over
    unencrypted links, we also broke DirPort reachability testing for
    bridges. So bridges with a non-zero DirPort were printing spurious
    warns to their logs. Bugfix on 0.2.0.16-alpha. Fixes bug 709.
  • When a relay gets a create cell it can't decrypt (e.g. because it's
    using the wrong onion key), we were dropping it and letting the
    client time out. Now actually answer with a destroy cell. Fixes
    bug 904. Bugfix on 0.0.2pre8.
  • Squeeze 2-5% out of client performance (according to oprofile) by
    improving the implementation of some policy-manipulation functions.

Minor bugfixes (on 0.2.1.x):

  • Make get_interface_address() function work properly again; stop
    guessing the wrong parts of our address as our address.
  • Do not cannibalize a circuit if we're out of RELAY_EARLY cells to
    send on that circuit. Otherwise we might violate the proposal-110
    limit. Bugfix on 0.2.1.3-alpha. Partial fix for Bug 878. Diagnosis
    thanks to Karsten.
  • When we're sending non-EXTEND cells to the first hop in a circuit,
    for example to use an encrypted directory connection, we don't need
    to use RELAY_EARLY cells: the first hop knows what kind of cell
    it is, and nobody else can even see the cell type. Conserving
    RELAY_EARLY cells makes it easier to cannibalize circuits like
    this later.
  • Stop logging nameserver addresses in reverse order.
  • If we are retrying a directory download slowly over and over, do
    not automatically give up after the 254th failure. Bugfix on
    0.2.1.9-alpha.
  • Resume reporting accurate "stream end" reasons to the local control
    port. They were lost in the changes for Proposal 148. Bugfix on
    0.2.1.9-alpha.

Deprecated and removed features:

  • The old "tor --version --version" command, which would print out
    the subversion "Id" of most of the source files, is now removed. It
    turned out to be less useful than we'd expected, and harder to
    maintain.

Code simplifications and refactoring:

  • Change our header file guard macros to be less likely to conflict
    with system headers. Adam Langley noticed that we were conflicting
    with log.h on Android.
  • Tool-assisted documentation cleanup. Nearly every function or
    static variable in Tor should have its own documentation now.

The original announcement can be found at http://archives.seul.org/or/talk/Jan-2009/msg00078.html

Comments

Please note that the comment area below has been archived.

...it's coming. We're working on including FireFox 3, as well as considering a stable and unstable branch for TBB. We'd rather get it right than get it out quick.

PETER (not verified) said:

January 21, 2009

Permalink

wat happend 2 TBB updates? getting delayed. Now there is 2.1.11 is released . Still working on it guys .

phobos

phobos said:

January 22, 2009

Permalink

TBB 1.1.8 is coming today, should include FF3 and Tor 0.2.1.11-alpha.

PETER (not verified) said:

January 23, 2009

Permalink

Thanx phobos u r great! Nice work to all of the Tor projet guys who put lots of efforts to make this

PETER (not verified) said:

January 23, 2009

Permalink

Warning message in TBB Controler used oboselete addr-mappings/GETINFO Key; use-address-mappings/instead. Please fix this problem