Tor 0.2.1.10-alpha released

Tor 0.2.1.10-alpha fixes two major bugs in bridge relays (one that would
make the bridge relay not so useful if it had DirPort set to 0, and one
that could let an attacker learn a little bit of information about the
bridge's users), and a bug that would cause your Tor relay to ignore a
circuit create request it can't decrypt (rather than reply with an error).
It also fixes a wide variety of other bugs.

https://sedvblmbog.tudasnich.de/download.html.en

Changes in version 0.2.1.10-alpha - 2009-01-06
Major bugfixes:

• If the cached networkstatus consensus is more than five days old,
  discard it rather than trying to use it. In theory it could
  be useful because it lists alternate directory mirrors, but in
  practice it just means we spend many minutes trying directory
  mirrors that are long gone from the network. Helps bug 887 a bit;
  bugfix on 0.2.0.x.
• Bridge relays that had DirPort set to 0 would stop fetching
  descriptors shortly after startup, and then briefly resume
  after a new bandwidth test and/or after publishing a new bridge
  descriptor. Bridge users that try to bootstrap from them would
  get a recent networkstatus but would get descriptors from up to
  18 hours earlier, meaning most of the descriptors were obsolete
  already. Reported by Tas; bugfix on 0.2.0.13-alpha.
• Prevent bridge relays from serving their 'extrainfo' document
  to anybody who asks, now that extrainfo docs include potentially
  sensitive aggregated client geoip summaries. Bugfix on
  0.2.0.13-alpha.

Minor features:

• New controller event "clients_seen" to report a geoip-based summary
  of which countries we've seen clients from recently. Now controllers
  like Vidalia can show bridge operators that they're actually making
  a difference.
• Build correctly against versions of OpenSSL 0.9.8 or later built
  without support for deprecated functions.
  - Update to the "December 19 2008" ip-to-country file.

Minor bugfixes (on 0.2.0.x):

• Authorities now vote for the Stable flag for any router whose
  weighted MTBF is at least 5 days, regardless of the mean MTBF.
• Do not remove routers as too old if we do not have any consensus
  document. Bugfix on 0.2.0.7-alpha.
• Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
  Spec conformance issue. Bugfix on Tor 0.0.2pre27.
• When an exit relay resolves a stream address to a local IP address,
  do not just keep retrying that same exit relay over and
  over. Instead, just close the stream. Addresses bug 872. Bugfix
  on 0.2.0.32. Patch from rovv.
• If a hidden service sends us an END cell, do not consider
  retrying the connection; just close it. Patch from rovv.
• When we made bridge authorities stop serving bridge descriptors over
  unencrypted links, we also broke DirPort reachability testing for
  bridges. So bridges with a non-zero DirPort were printing spurious
  warns to their logs. Bugfix on 0.2.0.16-alpha. Fixes bug 709.
• When a relay gets a create cell it can't decrypt (e.g. because it's
  using the wrong onion key), we were dropping it and letting the
  client time out. Now actually answer with a destroy cell. Fixes
  bug 904. Bugfix on 0.0.2pre8.
• Squeeze 2-5% out of client performance (according to oprofile) by
  improving the implementation of some policy-manipulation functions.

Minor bugfixes (on 0.2.1.x):

• Make get_interface_address() function work properly again; stop
  guessing the wrong parts of our address as our address.
• Do not cannibalize a circuit if we're out of RELAY_EARLY cells to
  send on that circuit. Otherwise we might violate the proposal-110
  limit. Bugfix on 0.2.1.3-alpha. Partial fix for Bug 878. Diagnosis
  thanks to Karsten.
• When we're sending non-EXTEND cells to the first hop in a circuit,
  for example to use an encrypted directory connection, we don't need
  to use RELAY_EARLY cells: the first hop knows what kind of cell
  it is, and nobody else can even see the cell type. Conserving
  RELAY_EARLY cells makes it easier to cannibalize circuits like
  this later.
• Stop logging nameserver addresses in reverse order.
• If we are retrying a directory download slowly over and over, do
  not automatically give up after the 254th failure. Bugfix on
  0.2.1.9-alpha.
• Resume reporting accurate "stream end" reasons to the local control
  port. They were lost in the changes for Proposal 148. Bugfix on
  0.2.1.9-alpha.

Deprecated and removed features:

• The old "tor --version --version" command, which would print out
  the subversion "Id" of most of the source files, is now removed. It
  turned out to be less useful than we'd expected, and harder to
  maintain.

Code simplifications and refactoring:

• Change our header file guard macros to be less likely to conflict
  with system headers. Adam Langley noticed that we were conflicting
  with log.h on Android.
• Tool-assisted documentation cleanup. Nearly every function or
  static variable in Tor should have its own documentation now.

The original announcement can be found at http://archives.seul.org/or/talk/Jan-2009/msg00078.html