From 03bdb4d5cef676a4332e7982d004afe4ff9110c1 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 4 Feb 2013 17:06:01 -0500 Subject: fold in changes for 0.2.4.10-alpha --- ChangeLog | 138 +++++++++++++++++++++++++++++++++++++++++++- changes/4664 | 4 -- changes/7304 | 7 --- changes/bug5823 | 5 -- changes/bug6826 | 5 -- changes/bug7115 | 4 -- changes/bug7708 | 5 -- changes/bug7802 | 11 ---- changes/bug7889 | 8 --- changes/bug7896 | 3 - changes/bug7972 | 5 -- changes/bug8093 | 4 -- changes/bug8146_etc | 13 ----- changes/bug8153 | 3 - changes/build_with_msvc | 4 -- changes/double-0-check | 8 --- changes/enum_bitfield | 0 changes/feature5956 | 8 --- changes/feature7706 | 9 --- changes/msvc | 6 -- changes/proposal204 | 5 -- changes/rename5285 | 2 - changes/rename_log_7599 | 4 -- changes/rename_queue_macros | 6 -- changes/timed_onionqueue | 11 ---- 25 files changed, 137 insertions(+), 141 deletions(-) delete mode 100644 changes/4664 delete mode 100644 changes/7304 delete mode 100644 changes/bug5823 delete mode 100644 changes/bug6826 delete mode 100644 changes/bug7115 delete mode 100644 changes/bug7708 delete mode 100644 changes/bug7802 delete mode 100644 changes/bug7889 delete mode 100644 changes/bug7896 delete mode 100644 changes/bug7972 delete mode 100644 changes/bug8093 delete mode 100644 changes/bug8146_etc delete mode 100644 changes/bug8153 delete mode 100644 changes/build_with_msvc delete mode 100644 changes/double-0-check delete mode 100644 changes/enum_bitfield delete mode 100644 changes/feature5956 delete mode 100644 changes/feature7706 delete mode 100644 changes/msvc delete mode 100644 changes/proposal204 delete mode 100644 changes/rename5285 delete mode 100644 changes/rename_log_7599 delete mode 100644 changes/rename_queue_macros delete mode 100644 changes/timed_onionqueue diff --git a/ChangeLog b/ChangeLog index 7c5a490c42..0ed7f56c7c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,140 @@ -Changes in version 0.2.4.10-alpha - 2013-0?-?? +Changes in version 0.2.4.10-alpha - 2013-02-04 + Tor 0.2.4.10-alpha adds defenses at the directory authority level from + certain attacks that flood the network with relays; changes the queue + for circuit create requests from a sized-based limit to a time-based + limit; resumes building with MSVC on Windows; and fixes a wide variety + of other issues. + + o Major bugfixes (directory authority): + - When computing directory thresholds, ignore any rejected-as-sybil + nodes during the computation so that they can't influence Fast, + Guard, etc. (We shoud have done this for proposal 109.) Fixes + bug 8146. + - When marking a node as a likely sybil, reset its uptime metrics + to zero, so that it cannot time towards getting marked as Guard, + Stable, or HSDir. (We shoud have done this for proposal 109.) Fixes + bug 8147. + + o Major bugfixes: + - When a TLS write is partially successful but incomplete, remember + that the flushed part has been flushed, and notice that bytes were + actually written. Reported and fixed pseudonymously. Fixes bug + 7708; bugfix on Tor 0.1.0.5-rc. + - Reject bogus create and relay cells with 0 circuit ID or 0 stream + ID: these could be used to create unexpected streams and circuits + which would count as "present" to some parts of Tor but "absent" + to others, leading to zombie circuits and streams or to a bandwidth + denial-of-service. Fixes bug 7889; bugfix on every released version + of Tor. Reported by "oftc_must_be_destroyed". + - Rename all macros in our local copy of queue.h to begin with "TOR_". + This change seems the only good way to permanently prevent conflicts + with queue.h on various operating systems. Fixes bug 8107; bugfix + on 0.2.4.6-alpha. + + o Major features (relay): + - Instead of limiting the number of queued onionskins (aka circuit + create requests) to a fixed, hard-to-configure number, we limit + the size of the queue based on how many we expect to be able to + process in a given amount of time. We estimate the time it will + take to process an onionskin based on average processing time + of previous onionskins. Closes ticket 7291. You'll never have to + configure MaxOnionsPending again. + + o Major features (portability): + - Resume building correctly with MSVC and Makefile.nmake. This patch + resolves numerous bugs and fixes reported by ultramage, including + 7305, 7308, 7309, 7310, 7312, 7313, 7315, 7316, and 7669. + - Make the ntor and curve25519 code build correctly with MSVC. + Fix on 0.2.4.8-alpha. + + o Minor features: + - When directory authorities are computing thresholds for flags, + never let the threshold for the Fast flag fall below 4096 + bytes. Also, do not consider nodes with extremely low bandwidths + when deciding thresholds for various directory flags. This change + should raise our threshold for Fast relays, possibly in turn + improving overall network performance; see ticket 1854. Resolves + ticket 8145. + - The Tor client now ignores sub-domain components of a .onion + address. This change makes HTTP "virtual" hosting + possible: http://foo.aaaaaaaaaaaaaaaa.onion/ and + http://bar.aaaaaaaaaaaaaaaa.onion/ can be two different websites + hosted on the same hidden service. Implements proposal 204. + - We compute the overhead from passing onionskins back and forth to + cpuworkers, and report it when dumping statistics in response to + SIGUSR1. Supports ticket 7291. + + o Minor features (path selection): + - When deciding whether we have enough descriptors to build circuits, + instead of looking at raw relay counts, look at which fraction + of (bandwidth-weighted) paths we're able to build. This approach + keeps clients from building circuits if their paths are likely to + stand out statistically. The default fraction of paths needed is + taken from the consensus directory; you can override it with the + new PathsNeededToBuildCircuits option. Fixes ticket 5956. + - When any country code is listed in ExcludeNodes or ExcludeExitNodes, + and we have GeoIP information, also exclude all nodes with unknown + countries "??" and "A1". This behavior is controlled by the + new GeoIPExcludeUnknown option: you can make such nodes always + excluded with "GeoIPExcludeUnknown 1", and disable the feature + with "GeoIPExcludeUnknown 0". Setting "GeoIPExcludeUnknown auto" + gets you the default behavior. Implements feature 7706. + - Path Use Bias: Perform separate accounting for successful circuit + use. Keep separate statistics on stream attempt rates versus stream + success rates for each guard. Provide configurable thresholds to + determine when to emit log messages or disable use of guards that + fail too many stream attempts. Resolves ticket 7802. + + o Minor features (log messages): + - When learning a fingerprint for a bridge, log its corresponding + transport type. Implements ticket 7896. + - Improve the log message when "Bug/attack: unexpected sendme cell + from client" occurs, to help us track bug 8093. + + o Minor bugfixes: + - Remove a couple of extraneous semicolons that were upsetting the + cparser library. Patch by Christian Grothoff. Fixes bug 7115; + bugfix on 0.2.2.1-alpha. + - Remove a source of rounding error during path bias count scaling; + don't count cannibalized circuits as used for path bias until we + actually try to use them; and fix a circuit_package_relay_cell() + warning message about n_chan==NULL. Fixes bug 7802. + - Detect nacl when its headers are in a nacl/ subdirectory. Also, + actually link against nacl when we're configured to use it. Fixes + bug 7972; bugfix on 0.2.4.8-alpha. + - Compile correctly with the --disable-curve25519 option. Fixes + bug 8153; bugfix on 0.2.4.8-alpha. + + o Build improvements: + - Do not report status verbosely from autogen.sh unless the -v flag + is specified. Fixes issue 4664. Patch from Onizuka. + - Replace all calls to snprintf() outside of src/ext with + tor_snprintf(). Also remove the #define to replace snprintf with + _snprintf on Windows; they have different semantics, and all of + our callers should be using tor_snprintf() anyway. Fixes bug 7304. + - Try to detect if we are ever building on a platform where + memset(...,0,...) does not set the value of a double to 0.0. Such + platforms are permitted by the C standard, though in practice + they're pretty rare (since IEEE 754 is nigh-ubiquitous). We don't + currently support them, but it's better to detect them and fail + than to perform erroneously. + + o Removed features: + - Stop exporting estimates of v2 and v3 directory traffic shares + in extrainfo documents. They were unneeded and sometimes inaccurate. + Also stop exporting any v2 directory request statistics. Resolves + ticket 5823. + - Drop support for detecting and warning about versions of Libevent + before 1.3e. Nothing reasonable ships with them any longer; + warning the user about them shouldn't be needed. Resolves ticket + 6826. + + o Code simplifications and refactoring: + - Rename "isin" functions to "contains", for grammar. Resolves + ticket 5285. + - Rename Tor's logging function log() to tor_log(), to avoid conflicts + with the natural logarithm function from the system libm. Resolves + ticket 7599. Changes in version 0.2.4.9-alpha - 2013-01-15 diff --git a/changes/4664 b/changes/4664 deleted file mode 100644 index eb81da925e..0000000000 --- a/changes/4664 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (build): - - Do not report status verbosely from autogen.sh unless the -v flag - is specified. Fixes issue 4664. Patch from Onizuka. - diff --git a/changes/7304 b/changes/7304 deleted file mode 100644 index bfb797b107..0000000000 --- a/changes/7304 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - Replace all calls to snprintf outside of src/ext with tor_snprintf. - Fix for bug 7304. - o Code simplification and refactoring: - - Remove the #define to replace snprintf with _snprintf on windows; - they have different semantics, and all of our callers should be - using tor_snprintf anyway. Partial fix for bug 7304. diff --git a/changes/bug5823 b/changes/bug5823 deleted file mode 100644 index d76b590889..0000000000 --- a/changes/bug5823 +++ /dev/null @@ -1,5 +0,0 @@ - o Removed featurs: - - Stop exporting estimates of v2 and v3 directory traffic shares - in extrainfo documents. They were unneeded and sometimes inaccurate. - Also stop exporting any v2 directory request statistics. Resolves - ticket 5823. diff --git a/changes/bug6826 b/changes/bug6826 deleted file mode 100644 index 6eba19bced..0000000000 --- a/changes/bug6826 +++ /dev/null @@ -1,5 +0,0 @@ - o Removed features: - - Drop support for detecting and warning about versions of Libevent - before 1.3e. Nothing reasonable ships with them any longer; - warning the user about them shouldn't be needed. Resolves ticket - 6826. diff --git a/changes/bug7115 b/changes/bug7115 deleted file mode 100644 index 976b9a9e85..0000000000 --- a/changes/bug7115 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (portability) - - Remove a couple of extraneous semicolos that were upsetting the - cparser library. Patch by Christian Grothoff. Fixes bug 7115; - bugfix on 0.2.2.1-alpha. diff --git a/changes/bug7708 b/changes/bug7708 deleted file mode 100644 index e272adf227..0000000000 --- a/changes/bug7708 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - When a TLS write is partially successful but incomplete, remember - that the flushed part has been flushed, and notice that bytes were - actually written. Reported and fixed pseudonymously. Fixes bug - 7708; bugfix on Tor 0.1.0.5-rc. diff --git a/changes/bug7802 b/changes/bug7802 deleted file mode 100644 index 9bc0f36fe1..0000000000 --- a/changes/bug7802 +++ /dev/null @@ -1,11 +0,0 @@ - o Minor features: - - Path Use Bias: Perform separate accounting for successful circuit use. - Separate statistics on stream attempt versus success rates are kept - for each guard. Configurable thresholds are provided to determine - when to emit log messages or disable use of guards that fail too - many stream attempts. - o Minor bugfixes: - - Remove a source of rounding error during path bias count scaling. - - Don't count cannibalized circuits as used for path bias until we - actually try to use them. - - Fix circuit_package_relay_cell warning message about n_chan==NULL. diff --git a/changes/bug7889 b/changes/bug7889 deleted file mode 100644 index ce99a59ce5..0000000000 --- a/changes/bug7889 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes: - - Reject bogus create and relay cells with 0 circuit ID or 0 stream - ID: these could be used to create unexpected streams and circuits - which would count as "present" to some parts of Tor but "absent" - to others, leading to zombie circuits and streams or to a - bandwidth DOS. Fixes bug 7889; bugfix on every released version of - Tor. Reported by "oftc_must_be_destroyed". - diff --git a/changes/bug7896 b/changes/bug7896 deleted file mode 100644 index 9eecaa6ab9..0000000000 --- a/changes/bug7896 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - When learning a fingerprint for a bridge, log its corresponding - transport type. Implements ticket 7896. diff --git a/changes/bug7972 b/changes/bug7972 deleted file mode 100644 index 6e1fce69c8..0000000000 --- a/changes/bug7972 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Detect nacl when its headers are in a nacl/ subdirectory. Fixes bug - 7972; bugfix on 0.2.4.8-alpha. - - Actually link against nacl when we're configured to use it. Fixes bug - 7972; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug8093 b/changes/bug8093 deleted file mode 100644 index cbddfd990f..0000000000 --- a/changes/bug8093 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Improve the log message when "Bug/attack: unexpected sendme cell - from client" occurs, to help us track bug 8093. - diff --git a/changes/bug8146_etc b/changes/bug8146_etc deleted file mode 100644 index 173ea3b58d..0000000000 --- a/changes/bug8146_etc +++ /dev/null @@ -1,13 +0,0 @@ - o Major bugfixes (security, directory authority): - - When computing directory thresholds, ignore any rejected-as-sybil - nodes during the computation so that they can't influence Fast, - Guard, etc. Fixes bug 8146. - - - When computing thresholds for flags, never let the threshold for - the Fast flag to 4096 bytes. Fixes bug 8145. - - Do not consider nodes with extremely low bandwidths when deciding - thresholds for various directory flags. Another fix for 8145. - - - When marking a node as a likely sybil, reset its uptime metrics - to zero, so that it cannot time towards getting marked as Guard, - Stable, or HSDir. Fix for bug 8147. diff --git a/changes/bug8153 b/changes/bug8153 deleted file mode 100644 index 9178f25bac..0000000000 --- a/changes/bug8153 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Compile correctly with the --disable-curve25519 option. Fix for - bug 8153; bugfix on 0.2.4.8-alpha. diff --git a/changes/build_with_msvc b/changes/build_with_msvc deleted file mode 100644 index 8da0c92bc2..0000000000 --- a/changes/build_with_msvc +++ /dev/null @@ -1,4 +0,0 @@ - o Features (portability): - - Build correctly with MSVC and Makefile.nmake. This resolves - numerous bugs and fixes reported by ultramage, including 7305, - 7308, 7309, 7310, 7312, 7313, 7315, 7316, and 7669. diff --git a/changes/double-0-check b/changes/double-0-check deleted file mode 100644 index 74554cd272..0000000000 --- a/changes/double-0-check +++ /dev/null @@ -1,8 +0,0 @@ - o Build improvements (bizarre platform detection): - - Try to detect it if we are ever building on a platform where - memset(...,0,...) does not set the value of a double to 0.0. Such - platforms are permitted by the C standard, though in practice - they're pretty rare (since IEEE 754 is nigh-ubiquitous). We don't - currently support them, but it's better to detect them and fail - than to perform erroneously. - diff --git a/changes/enum_bitfield b/changes/enum_bitfield deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/changes/feature5956 b/changes/feature5956 deleted file mode 100644 index 2e18810588..0000000000 --- a/changes/feature5956 +++ /dev/null @@ -1,8 +0,0 @@ - o Major features: - - When deciding whether we have enough descriptors to build circuits, - instead of looking at raw circuit counts, look at which fraction of - (bandwidth-weighted) paths we're able to build. This approach keeps - clients from building circuits if their paths are likely to stand out - statistically. The default fraction of paths needed is taken from the - consensus directory; you can override it with the new - PathsNeededToBuildCircuits option. Fixes issue 5956. diff --git a/changes/feature7706 b/changes/feature7706 deleted file mode 100644 index 69b91a67ec..0000000000 --- a/changes/feature7706 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features: - - When any country code is listed in ExcludeNodes or - ExcludeExitNodes, and we have GeoIP information, also exclude - all nodes with unknown countries ({??} and {A1} if - present). This behavior is controlled by the new - GeoIPExcludeUnknown option: you can make such nodes always - excluded with 'GeoIPExcludeUnknown 1', and disable the feature - with 'GeoIPExcludeUnknown 0'. Setting 'GeoIPExcludeUnknown auto' - gets you the default behavior. Implements feature 7706. diff --git a/changes/msvc b/changes/msvc deleted file mode 100644 index 1ae92e3f2e..0000000000 --- a/changes/msvc +++ /dev/null @@ -1,6 +0,0 @@ - o Build fixes (MSVC): - - Correctly define HAVE_EVENT_BASE_LOOPEXIT, since we only build - with MSVC when using Libevent 2.0 or later. Fixes bug 7308. - Reported by "ultramage". - - Make the ntor and curve25519 code build correctly with MSVC. - Fix on 0.2.4.8-alpha. diff --git a/changes/proposal204 b/changes/proposal204 deleted file mode 100644 index 4c1854b1ed..0000000000 --- a/changes/proposal204 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Ignore sub-domain components of a .onion address. This makes HTTP "virtual" - hosting possible: http://foo.aaaaaaaaaaaaaaaa.onion/ and - http//bar.aaaaaaaaaaaaaaaa.onion/ can be two different websites hosted at - the same location. Implements proposal 204. diff --git a/changes/rename5285 b/changes/rename5285 deleted file mode 100644 index 26ec976e2c..0000000000 --- a/changes/rename5285 +++ /dev/null @@ -1,2 +0,0 @@ - o Code simplifications and refactoring: - - Rename "isin" functions to "contains", for grammar. Fixes ticket 5285. diff --git a/changes/rename_log_7599 b/changes/rename_log_7599 deleted file mode 100644 index 38e843f066..0000000000 --- a/changes/rename_log_7599 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - Rename Tor's logging function log() to tor_log(), to avoid conflicts - with the natural logarithm function from the system libm. Resolves - ticket 7599. diff --git a/changes/rename_queue_macros b/changes/rename_queue_macros deleted file mode 100644 index 29373ac234..0000000000 --- a/changes/rename_queue_macros +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - Rename all macros in our local copy of queue.h to begin with TOR_; - this seems the only good way to permanently prevent conflicts - with queue.h on various operating systems. Fixes bug 8107; bugfix on - 0.2.4.6-alpha. - diff --git a/changes/timed_onionqueue b/changes/timed_onionqueue deleted file mode 100644 index fe54d78ac8..0000000000 --- a/changes/timed_onionqueue +++ /dev/null @@ -1,11 +0,0 @@ - o Minor features (relay): - - Instead of limiting the number of queued onionskins to a configured, - hard-to-configure number, we limit the size of the queue based on how - many we expect to be able to process in a given amount of time. We - estimate the time it will take to process an onionskin based on average - processing time of previous onionskins. Closes ticket 7291. You'll - never have to configure MaxOnionsPending again. - - - We compute the overhead from passing onionskins back and forth to - cpuworkers, and report it when dumping statistics in response to - SIGUSR1. -- cgit v1.2.3-54-g00ecf