Bug #261693 “Please sync tor 0.2.0.31-1 (universe) from Debian u...” : Bugs : tor package : Ubuntu

Revision history for this message

John Dong (jdong) wrote on 2008-09-25:

#1

As I communicated in IRC earlier today, we are well past Feature Freeze and bordering on beta freeze. During this phase it's not customary to import new versions of packages but focus on bugfixing.

Is there anything critically important in this new release that would affect the Intrepid version in a way not reconcilable after release? If so, please describe the extenuating circumstances for a freeze exception (i.e. if upstream has announced they will not allow older clients soon, etc)

Revision history for this message

Eero (eero+launchpad) wrote on 2008-09-25:

#2

0.2.x offers major fixes, but of course I do not know if they are enough to push this to Intrepid. Here are some of those fixes that I think might be the important ones:
    - Non-exit relays no longer answer "resolve" relay cells, so they
      can't be induced to do arbitrary DNS requests.
    - Reject requests for reverse-dns lookup of names that are in
      a private address space.
    - As a client, do not believe any server that tells us that an
      address maps to an internal address space.
    - If we're a relay, avoid picking ourselves as an introduction point,
      a rendezvous point, or as the final hop for internal circuits.
    - Detect size overflow in zlib code.
    - Avoid segfault in the case where a badly behaved v2 versioning
      directory sends a signed networkstatus with missing client-versions.

You can read the rest from http://archives.seul.org/or/announce/Aug-2008/msg00000.html

Revision history for this message

Matt LaPlante (cybrmatt) wrote on 2008-09-25:

#3

I think the intro to the announcement summarizes it best:

"Tor 0.2.0.30 switches to a more efficient directory distribution design,
adds features to make connections to the Tor network harder to block,
allows Tor to act as a DNS proxy, adds separate rate limiting for relayed
traffic to make it easier for clients to become relays, fixes a variety
of potential anonymity problems, and includes the usual huge pile of
other features and bug fixes."

The new directory protocol is a big improvement, and the DNS proxy is major new functionality which was lacking in 0.x.

I don't think the Tor network will be blocking the previous version in the immediate future, so we should be safe as far as that is concerned. I had hoped to get the request in earlier in the release cycle, but sometimes these things just don't work out. I'll leave it at the discretion of the Ubuntu people to whether this can be included or not. If not, please adjust the bug to apply to the next milestone.

Revision history for this message

Fabrice Coutadeur (fabricesp) wrote on 2008-10-08:

#4

build.log Edit (110.0 KiB, text/html)

Lenny has version 0.2.0.31-1.
It builds and installs correctly on intrepid, without adaptation to debian package.
install log:
(intrepid)fabrice@fabrice-desktop:/var/cache/pbuilder/result$ sudo dpkg -i tor_0.2.0.31-1_i386.deb
(Leyendo la base de datos ...
107308 ficheros y directorios instalados actualmente.)
Preparando para reemplazar tor 0.2.0.31-1 (usando tor_0.2.0.31-1_i386.deb) ...
Stopping tor daemon: tor.
Desempaquetando el reemplazo de tor ...
Configurando tor (0.2.0.31-1) ...
Raising maximum number of filedescriptors (ulimit -n) to 32768.
Starting tor daemon: tor...
Oct 08 19:43:23.706 [notice] Tor v0.2.0.31 (r16744). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
Oct 08 19:43:23.708 [notice] Initialized libevent version 1.3e using method epoll. Good.
Oct 08 19:43:23.708 [notice] Opening Socks listener on 127.0.0.1:9050
done.

Procesando activadores para man-db ...

Revision history for this message

Fabrice Coutadeur (fabricesp) wrote on 2008-10-08:

#5

tor.diffstat Edit (10.3 KiB, text/plain)

diffstat between 0.1.2 and 0.2.0.31.

Revision history for this message

Fabrice Coutadeur (fabricesp) wrote on 2008-10-08:

#6

Download full text (10.7 KiB)

debain/changelog:
tor (0.2.0.31-1) unstable; urgency=low

  * New upstream version.
  * Tweak a few error messages in the init script to use the proper variables
    (not that it should matter, the Right One has the same value, but still)
    and to list more possible error reasons.

-- Peter Palfrader <email address hidden> Tue, 09 Sep 2008 09:56:54 +0200

tor (0.2.0.30-2) unstable; urgency=low

  * Stop requiring that the binary in /usr/sbin/tor is still the same as the
    one that actually is the running tor when we try to stop or reload the
    daemon using the init script. If the process is called tor, running as
    debian-tor, and the pid file agrees too then it probably is the Tor you
    want to stop (closes: #491246).

-- Peter Palfrader <email address hidden> Fri, 18 Jul 2008 01:50:37 +0200

tor (0.2.0.30-1) unstable; urgency=low

* New upstream version.

-- Peter Palfrader <email address hidden> Wed, 16 Jul 2008 02:19:08 +0200

tor (0.2.0.29-rc-2) unstable; urgency=low

* Upload to unstable.

-- Peter Palfrader <email address hidden> Tue, 15 Jul 2008 22:16:08 +0200

tor (0.2.0.29-rc-1) experimental; urgency=low

  * New upstream version.
  * Warn the admin if the number of file descriptors on his system is
    tiny.

-- Peter Palfrader <email address hidden> Wed, 09 Jul 2008 14:02:06 +0200

tor (0.2.0.28-rc-1) experimental; urgency=low

  * New upstream version.
  * Remove debian/patches/11_tor_as_root_more_helpful.dpatch as
    it is no longer needed: We now setuid() to the Tor user
    when run as root and it all just works.
  * Add comments to the dpatch headers so lintian shuts up.
  * Add patches/14_fix_geoip_warning: Change geoipdb open failed message.
  * Require unit tests to pass again.

-- Peter Palfrader <email address hidden> Fri, 13 Jun 2008 10:28:36 +0200

tor (0.2.0.27-rc-1) experimental; urgency=low

  * New upstream version.
  * Add tor-geoipdb arch: all package for the geoip database.
  * Update debian/rules so that there now is a binary-common target
    and the binary-indep and binary-arch targets call make with
    proper DH_OPTIONS options. This is taken from the template
    that dh_make nowadays uses for multi-binary packages.
  * Unit tests are broken, yay.
  * Use ${binary:Version} to depend on the right tor binary package from
    the tor-dbg package instead of ${Source-Version}. Some guy on the
    internet said the latter was deprecated.
  * Add Homepage: https://www.torproject.org/ field to control file.
  * And mention www.tp.o instead of the old tor.eff.org in the long
    description.
  * No longer ignore failure of make clean in the clean target.
  * Support passing of parallel=<n> in build options.
  * Change declared Standards-Version to 3.8.0.

-- Peter Palfrader <email address hidden> Fri, 06 Jun 2008 01:11:33 +0200

tor (0.2.0.26-rc-1) experimental; urgency=critical

  * New upstream version.
  * Conflict with old libssls.
  * On upgrading from versions prior to, including, 0.1.2.19-2, or
    from versions later than 0.2.0 and prior to 0.2.0.26-rc do the
    following, and if we are a server (we have a /var/lib/tor/keys
    directory)
    - move /var/lib/tor/keys/secret_onion_key out of the...

debain/changelog:
tor (0.2.0.31-1) unstable; urgency=low

* New upstream version.
  * Tweak a few error messages in the init script to use the proper variables
    (not that it should matter, the Right One has the same value, but still)
    and to list more possible error reasons.

-- Peter Palfrader <weasel@debian.org>  Tue, 09 Sep 2008 09:56:54 +0200

tor (0.2.0.30-2) unstable; urgency=low

* Stop requiring that the binary in /usr/sbin/tor is still the same as the
    one that actually is the running tor when we try to stop or reload the
    daemon using the init script.  If the process is called tor, running as
    debian-tor, and the pid file agrees too then it probably is the Tor you
    want to stop (closes: #491246).

-- Peter Palfrader <weasel@debian.org>  Fri, 18 Jul 2008 01:50:37 +0200

tor (0.2.0.30-1) unstable; urgency=low

* New upstream version.

-- Peter Palfrader <weasel@debian.org>  Wed, 16 Jul 2008 02:19:08 +0200

tor (0.2.0.29-rc-2) unstable; urgency=low

* Upload to unstable.

-- Peter Palfrader <weasel@debian.org>  Tue, 15 Jul 2008 22:16:08 +0200

tor (0.2.0.29-rc-1) experimental; urgency=low

* New upstream version.
  * Warn the admin if the number of file descriptors on his system is
    tiny.

-- Peter Palfrader <weasel@debian.org>  Wed, 09 Jul 2008 14:02:06 +0200

tor (0.2.0.28-rc-1) experimental; urgency=low

* New upstream version.
  * Remove debian/patches/11_tor_as_root_more_helpful.dpatch as
    it is no longer needed:  We now setuid() to the Tor user
    when run as root and it all just works.
  * Add comments to the dpatch headers so lintian shuts up.
  * Add patches/14_fix_geoip_warning: Change geoipdb open failed message.
  * Require unit tests to pass again.

-- Peter Palfrader <weasel@debian.org>  Fri, 13 Jun 2008 10:28:36 +0200

tor (0.2.0.27-rc-1) experimental; urgency=low

* New upstream version.
  * Add tor-geoipdb arch: all package for the geoip database.
  * Update debian/rules so that there now is a binary-common target
    and the binary-indep and binary-arch targets call make with
    proper DH_OPTIONS options.  This is taken from the template
    that dh_make nowadays uses for multi-binary packages.
  * Unit tests are broken, yay.
  * Use ${binary:Version} to depend on the right tor binary package from
    the tor-dbg package instead of ${Source-Version}.  Some guy on the
    internet said the latter was deprecated.
  * Add Homepage: https://www.torproject.org/ field to control file.
  * And mention www.tp.o instead of the old tor.eff.org in the long
    description.
  * No longer ignore failure of make clean in the clean target.
  * Support passing of parallel=<n> in build options.
  * Change declared Standards-Version to 3.8.0.

-- Peter Palfrader <weasel@debian.org>  Fri, 06 Jun 2008 01:11:33 +0200

tor (0.2.0.26-rc-1) experimental; urgency=critical

* New upstream version.
  * Conflict with old libssls.
  * On upgrading from versions prior to, including, 0.1.2.19-2, or
    from versions later than 0.2.0 and prior to 0.2.0.26-rc do the
    following, and if we are a server (we have a /var/lib/tor/keys
    directory)
    - move /var/lib/tor/keys/secret_onion_key out of the way.
    - move /var/lib/tor/keys/secret_onion_key.old out of the way.
    - move /var/lib/tor/keys/secret_id_key out of the way if it was
      created on or after 2006-09-17, which is the day the bad
      libssl was uploaded to Debian unstable.
  * Add a NEWS file explaining this change.

-- Peter Palfrader <weasel@debian.org>  Tue, 13 May 2008 16:11:21 +0200

tor (0.2.0.24-rc-1) experimental; urgency=low

* New upstream version.

-- Peter Palfrader <weasel@debian.org>  Wed, 23 Apr 2008 02:25:22 +0200

tor (0.2.0.23-rc-1) experimental; urgency=low

* New upstream version.
  * Mention OpenBSD_malloc_Linux.c in debian/copyright.
  * Add a recommends on logrotate.

-- Peter Palfrader <weasel@debian.org>  Tue, 25 Mar 2008 09:34:37 +0100

tor (0.2.0.22-rc-1) experimental; urgency=low

* New upstream version.
  * Work around fig2dev failing to build the images on all archs
    (re #457568).
  * Build with --enable-openbsd-malloc, unless no-enable-openbsd-malloc is
    found in DEB_BUILD_OPTIONS.  Hopefully this deals with some of the
    horrible memory fragmentation that glibc's malloc causes.

-- Peter Palfrader <weasel@debian.org>  Wed, 19 Mar 2008 08:03:47 +0100

tor (0.2.0.21-rc-1) experimental; urgency=low

* New upstream version.
  * Run --verify-config before start/reload/restart as root.  No longer
    su - to debian-tor tor run it.  Given that we now even start Tor as
    root (it setuids later on) this should be fine (closes: #468566).

-- Peter Palfrader <weasel@debian.org>  Mon,  3 Mar 2008 13:36:59 +0100

tor (0.2.0.20-rc-1) experimental; urgency=low

* New upstream version.
  * Change the default for MAX_FILEDESCRIPTORS in our init script to depend
    on the number of system-wide available file descriptors:
    /proc/sys/fs/file-max is bigger than 80k, set ulimit -n to 32k, if it's
    greater than 40k set the limit to 16k, and when greater than 10k our limit
    shall be 8k descriptors.  If there are less than 20k FDs in the entire
    system default to a limit of only 1024.

Big servers at the moment regularly use more than 10k FDs, so our old
    default of 8k no longer is sufficient.  On the other hand we don't want
    lower end systems to run out of FDs on Tor's account.
  * If we run as root also apply debian defaults.
  * Add User=debian-tor and Group=debian-tor to debian defaults.  That allows
    us to start Tor as root and have it setuid/setgid to the target user.
  * Change the init script to start Tor as root.  Now we should be able to
    bind to low port.

-- Peter Palfrader <weasel@debian.org>  Mon, 25 Feb 2008 13:54:58 +0100

tor (0.2.0.19-alpha-1) experimental; urgency=low

* New upstream version.
  * It's 2008.  Now is the time to add copyright statements for 2007.
  * Forward port 03_tor_manpage_in_section_8.dpatch.

-- Peter Palfrader <weasel@debian.org>  Sun, 10 Feb 2008 01:12:04 +0100

tor (0.2.0.18-alpha-2) experimental; urgency=low

* Work around fig2dev failing to build the images on mipsel like we do on
    sparc and s390 (re #457568)
  * Fix postinst find command that chowns stuff to the right user.  Find
    does weird things in the presence of !.

-- Peter Palfrader <weasel@debian.org>  Sun,  3 Feb 2008 18:17:16 +0100

tor (0.2.0.18-alpha-1) experimental; urgency=low

* New upstream version.
  * postinst: Remove the check that requires the debian-tor user
    to have a uid between 100 and 999.  There is no good reason
    to require this.  If the local admin moves the system users/uid-space
    to some other range then they probably have a good reason for that.
  * postinst: change wording if debian-tor's homedir is wrong, do not
    print anything if it is ok.
  * postinst: We were only fixing the permissions of /var/{lib,run,log}/tor
    when we were not upgrading.  Unfortunately the check doesn't work all
    that well usually in cases where the package was removed (not purged)
    and then later re-installed again.  Now we ensure proper ownership
    and modes for all the directories and files below /var/{lib,run,log}/tor
    (the dirs themselves included) every time we run postinst.
  * postinst: if we reboot between unpacking and configuring on some smart
    systems this will mean that we just lost /var/run/tor - creating it
    in the maintainer script if it doesn't exist.
  * Create logfiles in logrotate so that they come into the world with the
    correct mode (o-r).

-- Peter Palfrader <weasel@debian.org>  Thu, 24 Jan 2008 15:15:32 +0100

tor (0.2.0.17-alpha-1) experimental; urgency=low

* New upstream version.

-- Peter Palfrader <weasel@debian.org>  Thu, 17 Jan 2008 21:42:25 +0100

tor (0.2.0.15-alpha-1) experimental; urgency=low

* New upstream version.

-- Peter Palfrader <weasel@debian.org>  Tue, 25 Dec 2007 08:53:25 +0100

tor (0.2.0.14-alpha-1) experimental; urgency=low

* New upstream version.
  * Remove 13_r12907-fix-unit-tests.dpatch (Fix unit tests from HEAD) again -
    it's included upstream.
  * Work around fig2dev failing to build the images on sparc like we do on
    s390.

-- Peter Palfrader <weasel@debian.org>  Sun, 23 Dec 2007 13:45:41 +0100

tor (0.2.0.13-alpha-1) experimental; urgency=low

* New upstream version.
  * Fix unit tests from HEAD (13_r12907-fix-unit-tests.dpatch).

-- Peter Palfrader <weasel@debian.org>  Fri, 21 Dec 2007 11:52:43 +0100

tor (0.2.0.12-alpha-1) experimental; urgency=low

* New upstream version.

-- Peter Palfrader <weasel@debian.org>  Sun, 18 Nov 2007 11:49:06 +0100

tor (0.2.0.11-alpha-1) experimental; urgency=low

* New upstream version.
  * remove 12_r12235_do_not_crash_when_myfamily_is_set again, it's
    now part of upstream.

-- Peter Palfrader <weasel@debian.org>  Thu, 15 Nov 2007 11:07:06 +0100

tor (0.2.0.9-alpha-2) experimental; urgency=low

* Do not separate required lsb facilities with commas in the
    init script (closes: #448001).
  * Add 12_r12235_do_not_crash_when_myfamily_is_set.dpatch,
    from trunk/head.

-- Peter Palfrader <weasel@debian.org>  Sun, 28 Oct 2007 00:03:21 +0200

tor (0.2.0.9-alpha-1) experimental; urgency=low

* New upstream version.
  * Only create pid dir if we are about to start Tor (Luca Capello,
    closes: #447508).

-- Peter Palfrader <weasel@debian.org>  Fri, 26 Oct 2007 14:29:56 +0200

tor (0.2.0.8-alpha-1) experimental; urgency=low

* New upstream version.

-- Peter Palfrader <weasel@debian.org>  Sat, 13 Oct 2007 16:27:04 +0200

tor (0.2.0.7-alpha-1) experimental; urgency=low

* New upstream version.

-- Peter Palfrader <weasel@debian.org>  Mon, 24 Sep 2007 23:50:14 +0200

tor (0.2.0.6-alpha-1) experimental; urgency=low

* New upstream version.

-- Peter Palfrader <weasel@debian.org>  Mon, 27 Aug 2007 15:41:31 +0200

tor (0.2.0.5-alpha-1) experimental; urgency=low

* New upstream version.

-- Peter Palfrader <weasel@debian.org>  Sun, 19 Aug 2007 15:10:49 +0200

tor (0.2.0.4-alpha-1) experimental; urgency=high

* New upstream version.

-- Peter Palfrader <weasel@debian.org>  Thu,  2 Aug 2007 07:09:36 +0200

tor (0.2.0.3-alpha-1) experimental; urgency=low

* New upstream version.

-- Peter Palfrader <weasel@debian.org>  Tue, 31 Jul 2007 07:03:00 +0200

tor (0.2.0.2-alpha-1) experimental; urgency=low

* New upstream version.

-- Peter Palfrader <weasel@debian.org>  Sun,  3 Jun 2007 02:31:29 +0200

tor (0.2.0.1-alpha-1) experimental; urgency=low

* New upstream version.
  * Forward port 06_add_compile_time_defaults.
  * teTeX is no more, long live TeX Live:
    - remove build depends on tetex-bin, tetex-extra,
    - add build depends on texlive-base-bin for dvips and bibtex,
      texlive-latex-base for latex, and texlive-fonts-recommended for fonts
      like ptmr7t.

-- Peter Palfrader <weasel@debian.org>  Sat,  2 Jun 2007 14:31:15 +0200

Revision history for this message

Fabrice Coutadeur (fabricesp) wrote on 2008-10-08:

#7

Download full text (35.8 KiB)

Upstream changelog:

Changes in version 0.2.0.31 - 2008-09-03
  o Major bugfixes:
    - Make sure that two circuits can never exist on the same connection
      with the same circuit ID, even if one is marked for close. This
      is conceivably a bugfix for bug 779. Bugfix on 0.1.0.4-rc.
    - Relays now reject risky extend cells: if the extend cell includes
      a digest of all zeroes, or asks to extend back to the relay that
      sent the extend cell, tear down the circuit. Ideas suggested
      by rovv.
    - If not enough of our entry guards are available so we add a new
      one, we might use the new one even if it overlapped with the
      current circuit's exit relay (or its family). Anonymity bugfix
      pointed out by rovv.

  o Minor bugfixes:
    - Recover 3-7 bytes that were wasted per memory chunk. Fixes bug
      794; bug spotted by rovv. Bugfix on 0.2.0.1-alpha.
    - Correctly detect the presence of the linux/netfilter_ipv4.h header
      when building against recent kernels. Bugfix on 0.1.2.1-alpha.
    - Pick size of default geoip filename string correctly on windows.
      Fixes bug 806. Bugfix on 0.2.0.30.
    - Make the autoconf script accept the obsolete --with-ssl-dir
      option as an alias for the actually-working --with-openssl-dir
      option. Fix the help documentation to recommend --with-openssl-dir.
      Based on a patch by "Dave". Bugfix on 0.2.0.1-alpha.
    - Disallow session resumption attempts during the renegotiation
      stage of the v2 handshake protocol. Clients should never be trying
      session resumption at this point, but apparently some did, in
      ways that caused the handshake to fail. Bug found by Geoff Goodell.
      Bugfix on 0.2.0.20-rc.
    - When using the TransPort option on OpenBSD, and using the User
      option to change UID and drop privileges, make sure to open
      /dev/pf before dropping privileges. Fixes bug 782. Patch from
      Christopher Davis. Bugfix on 0.1.2.1-alpha.
    - Try to attach connections immediately upon receiving a RENDEZVOUS2
      or RENDEZVOUS_ESTABLISHED cell. This can save a second or two
      on the client side when connecting to a hidden service. Bugfix
      on 0.0.6pre1. Found and fixed by Christian Wilms; resolves bug 743.
    - When closing an application-side connection because its circuit is
      getting torn down, generate the stream event correctly. Bugfix on
      0.1.2.x. Anonymous patch.

Changes in version 0.2.0.30 - 2008-07-15
  o Minor bugfixes:
    - Stop using __attribute__((nonnull)) with GCC: it can give us useful
      warnings (occasionally), but it can also cause the compiler to
      eliminate error-checking code. Suggested by Peter Gutmann.

Changes in version 0.2.0.29-rc - 2008-07-08
  o Major bugfixes:
    - If you have more than one bridge but don't know their keys,
      you would only launch a request for the descriptor of the first one
      on your list. (Tor considered launching requests for the others, but
      found that it already had a connection on the way for $0000...0000
      so it didn't open another.) Bugfix on 0.2.0.x.
    - If you have more than one bridge but don't know their keys, and the
     ...

Upstream changelog:

Changes in version 0.2.0.31 - 2008-09-03
  o Major bugfixes:
    - Make sure that two circuits can never exist on the same connection
      with the same circuit ID, even if one is marked for close. This
      is conceivably a bugfix for bug 779. Bugfix on 0.1.0.4-rc.
    - Relays now reject risky extend cells: if the extend cell includes
      a digest of all zeroes, or asks to extend back to the relay that
      sent the extend cell, tear down the circuit. Ideas suggested
      by rovv.
    - If not enough of our entry guards are available so we add a new
      one, we might use the new one even if it overlapped with the
      current circuit's exit relay (or its family). Anonymity bugfix
      pointed out by rovv.

o Minor bugfixes:
    - Recover 3-7 bytes that were wasted per memory chunk. Fixes bug
      794; bug spotted by rovv. Bugfix on 0.2.0.1-alpha.
    - Correctly detect the presence of the linux/netfilter_ipv4.h header
      when building against recent kernels. Bugfix on 0.1.2.1-alpha.
    - Pick size of default geoip filename string correctly on windows.
      Fixes bug 806. Bugfix on 0.2.0.30.
    - Make the autoconf script accept the obsolete --with-ssl-dir
      option as an alias for the actually-working --with-openssl-dir
      option. Fix the help documentation to recommend --with-openssl-dir.
      Based on a patch by "Dave". Bugfix on 0.2.0.1-alpha.
    - Disallow session resumption attempts during the renegotiation
      stage of the v2 handshake protocol. Clients should never be trying
      session resumption at this point, but apparently some did, in
      ways that caused the handshake to fail. Bug found by Geoff Goodell.
      Bugfix on 0.2.0.20-rc.
    - When using the TransPort option on OpenBSD, and using the User
      option to change UID and drop privileges, make sure to open
      /dev/pf before dropping privileges. Fixes bug 782. Patch from
      Christopher Davis. Bugfix on 0.1.2.1-alpha.
    - Try to attach connections immediately upon receiving a RENDEZVOUS2
      or RENDEZVOUS_ESTABLISHED cell. This can save a second or two
      on the client side when connecting to a hidden service. Bugfix
      on 0.0.6pre1. Found and fixed by Christian Wilms; resolves bug 743.
    - When closing an application-side connection because its circuit is
      getting torn down, generate the stream event correctly. Bugfix on
      0.1.2.x. Anonymous patch.

Changes in version 0.2.0.30 - 2008-07-15
  o Minor bugfixes:
    - Stop using __attribute__((nonnull)) with GCC: it can give us useful
      warnings (occasionally), but it can also cause the compiler to
      eliminate error-checking code. Suggested by Peter Gutmann.

Changes in version 0.2.0.29-rc - 2008-07-08
  o Major bugfixes:
    - If you have more than one bridge but don't know their keys,
      you would only launch a request for the descriptor of the first one
      on your list. (Tor considered launching requests for the others, but
      found that it already had a connection on the way for $0000...0000
      so it didn't open another.) Bugfix on 0.2.0.x.
    - If you have more than one bridge but don't know their keys, and the
      connection to one of the bridges failed, you would cancel all
      pending bridge connections. (After all, they all have the same
      digest.) Bugfix on 0.2.0.x.
    - When a hidden service was trying to establish an introduction point,
      and Tor had built circuits preemptively for such purposes, we
      were ignoring all the preemptive circuits and launching a new one
      instead. Bugfix on 0.2.0.14-alpha.
    - When a hidden service was trying to establish an introduction point,
      and Tor *did* manage to reuse one of the preemptively built
      circuits, it didn't correctly remember which one it used,
      so it asked for another one soon after, until there were no
      more preemptive circuits, at which point it launched one from
      scratch. Bugfix on 0.0.9.x.
    - Make directory servers include the X-Your-Address-Is: http header in
      their responses even for begin_dir conns. Now clients who only
      ever use begin_dir connections still have a way to learn their IP
      address. Fixes bug 737; bugfix on 0.2.0.22-rc. Reported by goldy.

o Minor bugfixes:
    - Fix a macro/CPP interactions that was confusing some compilers:
      some GCCs don't like #if/#endif pairs inside macro arguments.
      Fix for bug 707.
    - Fix macro collision between OpenSSL 0.9.8h and Windows headers.
      Fixes bug 704; fix from Steven Murdoch.
    - When opening /dev/null in finish_daemonize(), do not pass the
      O_CREAT flag. Fortify was complaining, and correctly so. Fixes
      bug 742; fix from Michael Scherer. Bugfix on 0.0.2pre19.
    - Correctly detect transparent proxy support on Linux hosts that
      require in.h to be included before netfilter_ipv4.h.  Patch
      from coderman.

Changes in version 0.2.0.28-rc - 2008-06-13
  o Anonymity fixes:
    - Fix a bug where, when we were choosing the 'end stream reason' to
      put in our relay end cell that we send to the exit relay, Tor
      clients on Windows were sometimes sending the wrong 'reason'. The
      anonymity problem is that exit relays may be able to guess whether
      the client is running Windows, thus helping partition the anonymity
      set. Down the road we should stop sending reasons to exit relays,
      or otherwise prevent future versions of this bug.

o Major bugfixes:
    - While setting up a hidden service, some valid introduction circuits
      were overlooked and abandoned. This might be the reason for
      the long delay in making a hidden service available. Bugfix on
      0.2.0.14-alpha.

o Minor features:
    - Update to the "June 9 2008" ip-to-country file.
    - Run 'make test' as part of 'make dist', so we stop releasing so
      many development snapshots that fail their unit tests.

o Minor bugfixes:
    - When we're checking if we have enough dir info for each relay
      to begin establishing circuits, make sure that we actually have
      the descriptor listed in the consensus, not just any descriptor.
    - Bridge relays no longer print "xx=0" in their extrainfo document
      for every single country code in the geoip db.
    - Only warn when we fail to load the geoip file if we were planning to
      include geoip stats in our extrainfo document.
    - If we change our MaxAdvertisedBandwidth and then reload torrc,
      Tor won't realize it should publish a new relay descriptor. Fixes
      bug 688, reported by mfr.
    - When we haven't had any application requests lately, don't bother
      logging that we have expired a bunch of descriptors.
    - Make relay cells written on a connection count as non-padding when
      tracking how long a connection has been in use. Bugfix on
      0.2.0.1-alpha. Spotted by lodger.
    - Fix unit tests in 0.2.0.27-rc.
    - Fix compile on Windows.

Changes in version 0.2.0.27-rc - 2008-06-03
  o Major features:
    - Include an IP-to-country GeoIP file in the tarball, so bridge
      relays can report sanitized summaries of the usage they're seeing.

o Minor features:
    - Add a "PURPOSE=" argument to "STREAM NEW" events, as suggested by
      Robert Hogan. Fixes the first part of bug 681.
    - Make bridge authorities never serve extrainfo docs.
    - Add support to detect Libevent versions in the 1.4.x series
      on mingw.
    - Fix build on gcc 4.3 with --enable-gcc-warnings set.
    - Include a new contrib/tor-exit-notice.html file that exit relay
      operators can put on their website to help reduce abuse queries.

o Minor bugfixes:
    - When tunneling an encrypted directory connection, and its first
      circuit fails, do not leave it unattached and ask the controller
      to deal. Fixes the second part of bug 681.
    - Make bridge authorities correctly expire old extrainfo documents
      from time to time.

Changes in version 0.2.0.26-rc - 2008-05-13
  Tor 0.2.0.26-rc fixes a major security vulnerability caused by a bug
  in Debian's OpenSSL packages. All users running any 0.2.0.x version
  should upgrade, whether they're running Debian or not.

o Major security fixes:
    - Use new V3 directory authority keys on the tor26, gabelmoo, and
      moria1 V3 directory authorities. The old keys were generated with
      a vulnerable version of Debian's OpenSSL package, and must be
      considered compromised. Other authorities' keys were not generated
      with an affected version of OpenSSL.

o Major bugfixes:
    - List authority signatures as "unrecognized" based on DirServer
      lines, not on cert cache. Bugfix on 0.2.0.x.

o Minor features:
    - Add a new V3AuthUseLegacyKey option to make it easier for
      authorities to change their identity keys if they have to.

Changes in version 0.2.0.25-rc - 2008-04-23
  Tor 0.2.0.25-rc makes Tor work again on OS X and certain BSDs.

o Major bugfixes:
    - Remember to initialize threading before initializing logging.
      Otherwise, many BSD-family implementations will crash hard on
      startup. Fixes bug 671. Bugfix on 0.2.0.24-rc.

o Minor bugfixes:
    - Authorities correctly free policies on bad servers on
      exit. Fixes bug 672. Bugfix on 0.2.0.x.

Changes in version 0.2.0.24-rc - 2008-04-22
  Tor 0.2.0.24-rc adds dizum (run by Alex de Joode) as the new sixth
  v3 directory authority, makes relays with dynamic IP addresses and no
  DirPort notice more quickly when their IP address changes, fixes a few
  rare crashes and memory leaks, and fixes a few other miscellaneous bugs.

o New directory authorities:
    - Take lefkada out of the list of v3 directory authorities, since
      it has been down for months.
    - Set up dizum (run by Alex de Joode) as the new sixth v3 directory
      authority.

o Major bugfixes:
    - Detect address changes more quickly on non-directory mirror
      relays. Bugfix on 0.2.0.18-alpha; fixes bug 652.

o Minor features (security):
    - Reject requests for reverse-dns lookup of names that are in
      a private address space. Patch from lodger.
    - Non-exit relays no longer allow DNS requests. Fixes bug 619. Patch
      from lodger.

o Minor bugfixes (crashes):
    - Avoid a rare assert that can trigger when Tor doesn't have much
      directory information yet and it tries to fetch a v2 hidden
      service descriptor. Fixes bug 651, reported by nwf.
    - Initialize log mutex before initializing dmalloc. Otherwise,
      running with dmalloc would crash. Bugfix on 0.2.0.x-alpha.
    - Use recursive pthread mutexes in order to avoid deadlock when
      logging debug-level messages to a controller. Bug spotted by nwf,
      bugfix on 0.2.0.16-alpha.

o Minor bugfixes (resource management):
    - Keep address policies from leaking memory: start their refcount
      at 1, not 2. Bugfix on 0.2.0.16-alpha.
    - Free authority certificates on exit, so they don't look like memory
      leaks. Bugfix on 0.2.0.19-alpha.
    - Free static hashtables for policy maps and for TLS connections on
      shutdown, so they don't look like memory leaks. Bugfix on 0.2.0.x.
    - Avoid allocating extra space when computing consensuses on 64-bit
      platforms. Bug spotted by aakova.

o Minor bugfixes (misc):
    - Do not read the configuration file when we've only been told to
      generate a password hash. Fixes bug 643. Bugfix on 0.0.9pre5. Fix
      based on patch from Sebastian Hahn.
    - Exit relays that are used as a client can now reach themselves
      using the .exit notation, rather than just launching an infinite
      pile of circuits. Fixes bug 641. Reported by Sebastian Hahn.
    - When attempting to open a logfile fails, tell us why.
    - Fix a dumb bug that was preventing us from knowing that we should
      preemptively build circuits to handle expected directory requests.
      Fixes bug 660. Bugfix on 0.1.2.x.
    - Warn less verbosely about clock skew from netinfo cells from
      untrusted sources. Fixes bug 663.
    - Make controller stream events for DNS requests more consistent,
      by adding "new stream" events for DNS requests, and removing
      spurious "stream closed" events" for cached reverse resolves.
      Patch from mwenge. Fixes bug 646.
    - Correctly notify one-hop connections when a circuit build has
      failed. Possible fix for bug 669. Found by lodger.

Changes in version 0.2.0.23-rc - 2008-03-24
  Tor 0.2.0.23-rc is the fourth release candidate for the 0.2.0 series. It
  makes bootstrapping faster if the first directory mirror you contact
  is down. The bundles also include the new Vidalia 0.1.2 release.

o Major bugfixes:
    - When a tunneled directory request is made to a directory server
      that's down, notice after 30 seconds rather than 120 seconds. Also,
      fail any begindir streams that are pending on it, so they can
      retry elsewhere. This was causing multi-minute delays on bootstrap.

Changes in version 0.2.0.22-rc - 2008-03-18
  Tor 0.2.0.22-rc is the third release candidate for the 0.2.0 series. It
  enables encrypted directory connections by default for non-relays, fixes
  some broken TLS behavior we added in 0.2.0.20-rc, and resolves many
  other bugs. The bundles also include Vidalia 0.1.1 and Torbutton 1.1.17.

o Major features:
    - Enable encrypted directory connections by default for non-relays,
      so censor tools that block Tor directory connections based on their
      plaintext patterns will no longer work. This means Tor works in
      certain censored countries by default again.

o Major bugfixes:
    - Make sure servers always request certificates from clients during
      TLS renegotiation. Reported by lodger; bugfix on 0.2.0.20-rc.
    - Do not enter a CPU-eating loop when a connection is closed in
      the middle of client-side TLS renegotiation. Fixes bug 622. Bug
      diagnosed by lodger; bugfix on 0.2.0.20-rc.
    - Fix assertion failure that could occur when a blocked circuit
      became unblocked, and it had pending client DNS requests. Bugfix
      on 0.2.0.1-alpha. Fixes bug 632.

o Minor bugfixes (on 0.1.2.x):
    - Generate "STATUS_SERVER" events rather than misspelled
      "STATUS_SEVER" events. Caught by mwenge.
    - When counting the number of bytes written on a TLS connection,
      look at the BIO actually used for writing to the network, not
      at the BIO used (sometimes) to buffer data for the network.
      Looking at different BIOs could result in write counts on the
      order of ULONG_MAX. Fixes bug 614.
    - On Windows, correctly detect errors when listing the contents of
      a directory. Fix from lodger.

o Minor bugfixes (on 0.2.0.x):
    - Downgrade "sslv3 alert handshake failure" message to INFO.
    - If we set RelayBandwidthRate and RelayBandwidthBurst very high but
      left BandwidthRate and BandwidthBurst at the default, we would be
      silently limited by those defaults. Now raise them to match the
      RelayBandwidth* values.
    - Fix the SVK version detection logic to work correctly on a branch.
    - Make --enable-openbsd-malloc work correctly on Linux with alpha
      CPUs. Fixes bug 625.
    - Logging functions now check that the passed severity is sane.
    - Use proper log levels in the testsuite call of
      get_interface_address6().
    - When using a nonstandard malloc, do not use the platform values for
      HAVE_MALLOC_GOOD_SIZE or HAVE_MALLOC_USABLE_SIZE.
    - Make the openbsd malloc code use 8k pages on alpha CPUs and
      16k pages on ia64.
    - Detect mismatched page sizes when using --enable-openbsd-malloc.
    - Avoid double-marked-for-close warning when certain kinds of invalid
      .in-addr.arpa addresses are passed to the DNSPort. Part of a fix
      for bug 617. Bugfix on 0.2.0.1-alpha.
    - Make sure that the "NULL-means-reject *:*" convention is followed by
      all the policy manipulation functions, avoiding some possible crash
      bugs. Bug found by lodger. Bugfix on 0.2.0.16-alpha.
    - Fix the implementation of ClientDNSRejectInternalAddresses so that it
      actually works, and doesn't warn about every single reverse lookup.
      Fixes the other part of bug 617.  Bugfix on 0.2.0.1-alpha.

o Minor features:
    - Only log guard node status when guard node status has changed.
    - Downgrade the 3 most common "INFO" messages to "DEBUG". This will
      make "INFO" 75% less verbose.

Changes in version 0.2.0.21-rc - 2008-03-02
  Tor 0.2.0.21-rc is the second release candidate for the 0.2.0 series. It
  makes Tor work well with Vidalia again, fixes a rare assert bug,
  and fixes a pair of more minor bugs. The bundles also include Vidalia
  0.1.0 and Torbutton 1.1.16.

o Major bugfixes:
    - The control port should declare that it requires password auth
      when HashedControlSessionPassword is set too. Patch from Matt Edman;
      bugfix on 0.2.0.20-rc. Fixes bug 615.
    - Downgrade assert in connection_buckets_decrement() to a log message.
      This may help us solve bug 614, and in any case will make its
      symptoms less severe. Bugfix on 0.2.0.20-rc. Reported by fredzupy.
    - We were sometimes miscounting the number of bytes read from the
      network, causing our rate limiting to not be followed exactly.
      Bugfix on 0.2.0.16-alpha. Reported by lodger.

o Minor bugfixes:
    - Fix compilation with OpenSSL 0.9.8 and 0.9.8a.  All other supported
      OpenSSL versions should have been working fine.  Diagnosis and patch
      from lodger, Karsten Loesing and Sebastian Hahn.  Fixes bug 616.
      Bugfix on 0.2.0.20-rc.

Changes in version 0.2.0.20-rc - 2008-02-24
  Tor 0.2.0.20-rc is the first release candidate for the 0.2.0 series. It
  makes more progress towards normalizing Tor's TLS handshake, makes
  hidden services work better again, helps relays bootstrap if they don't
  know their IP address, adds optional support for linking in openbsd's
  allocator or tcmalloc, allows really fast relays to scale past 15000
  sockets, and fixes a bunch of minor bugs reported by Veracode.

o Major features:
    - Enable the revised TLS handshake based on the one designed by
      Steven Murdoch in proposal 124, as revised in proposal 130. It
      includes version negotiation for OR connections as described in
      proposal 105. The new handshake is meant to be harder for censors
      to fingerprint, and it adds the ability to detect certain kinds of
      man-in-the-middle traffic analysis attacks. The version negotiation
      feature will allow us to improve Tor's link protocol more safely
      in the future.
    - Choose which bridge to use proportional to its advertised bandwidth,
      rather than uniformly at random. This should speed up Tor for
      bridge users. Also do this for people who set StrictEntryNodes.
    - When a TrackHostExits-chosen exit fails too many times in a row,
      stop using it. Bugfix on 0.1.2.x; fixes bug 437.

o Major bugfixes:
    - Resolved problems with (re-)fetching hidden service descriptors.
      Patch from Karsten Loesing; fixes problems with 0.2.0.18-alpha
      and 0.2.0.19-alpha.
    - If we only ever used Tor for hidden service lookups or posts, we
      would stop building circuits and start refusing connections after
      24 hours, since we falsely believed that Tor was dormant. Reported
      by nwf; bugfix on 0.1.2.x.
    - Servers that don't know their own IP address should go to the
      authorities for their first directory fetch, even if their DirPort
      is off or if they don't know they're reachable yet. This will help
      them bootstrap better. Bugfix on 0.2.0.18-alpha; fixes bug 609.
    - When counting the number of open sockets, count not only the number
      of sockets we have received from the socket() call, but also
      the number we've gotten from accept() and socketpair(). This bug
      made us fail to count all sockets that we were using for incoming
      connections. Bugfix on 0.2.0.x.
    - Fix code used to find strings within buffers, when those strings
      are not in the first chunk of the buffer. Bugfix on 0.2.0.x.
    - Fix potential segfault when parsing HTTP headers. Bugfix on 0.2.0.x.
    - Add a new __HashedControlSessionPassword option for controllers
      to use for one-off session password hashes that shouldn't get
      saved to disk by SAVECONF --- Vidalia users were accumulating a
      pile of HashedControlPassword lines in their torrc files, one for
      each time they had restarted Tor and then clicked Save. Make Tor
      automatically convert "HashedControlPassword" to this new option but
      only when it's given on the command line. Partial fix for bug 586.

o Minor features (performance):
    - Tune parameters for cell pool allocation to minimize amount of
      RAM overhead used.
    - Add OpenBSD malloc code from phk as an optional malloc
      replacement on Linux: some glibc libraries do very poorly
      with Tor's memory allocation patterns. Pass
      --enable-openbsd-malloc to get the replacement malloc code.
    - Add a --with-tcmalloc option to the configure script to link
      against tcmalloc (if present). Does not yet search for
      non-system include paths.
    - Stop imposing an arbitrary maximum on the number of file descriptors
      used for busy servers. Bug reported by Olaf Selke; patch from
      Sebastian Hahn.

o Minor features (other):
    - When SafeLogging is disabled, log addresses along with all TLS
      errors.
    - When building with --enable-gcc-warnings, check for whether Apple's
      warning "-Wshorten-64-to-32" is available.
    - Add a --passphrase-fd argument to the tor-gencert command for
      scriptability.

o Minor bugfixes (memory leaks and code problems):
    - We were leaking a file descriptor if Tor started with a zero-length
      cached-descriptors file. Patch by freddy77; bugfix on 0.1.2.
    - Detect size overflow in zlib code. Reported by Justin Ferguson and
      Dan Kaminsky.
    - We were comparing the raw BridgePassword entry with a base64'ed
      version of it, when handling a "/tor/networkstatus-bridges"
      directory request. Now compare correctly. Noticed by Veracode.
    - Recover from bad tracked-since value in MTBF-history file.
      Should fix bug 537.
    - Alter the code that tries to recover from unhandled write
      errors, to not try to flush onto a socket that's given us
      unhandled errors. Bugfix on 0.1.2.x.
    - Make Unix controlsockets work correctly on OpenBSD. Patch from
      tup. Bugfix on 0.2.0.3-alpha.

o Minor bugfixes (other):
    - If we have an extra-info document for our server, always make
      it available on the control port, even if we haven't gotten
      a copy of it from an authority yet. Patch from mwenge.
    - Log the correct memory chunk sizes for empty RAM chunks in mempool.c.
    - Directory mirrors no longer include a guess at the client's IP
      address if the connection appears to be coming from the same /24
      network; it was producing too many wrong guesses.
    - Make the new hidden service code respect the SafeLogging setting.
      Bugfix on 0.2.0.x. Patch from Karsten.
    - When starting as an authority, do not overwrite all certificates
      cached from other authorities. Bugfix on 0.2.0.x. Fixes bug 606.
    - If we're trying to flush the last bytes on a connection (for
      example, when answering a directory request), reset the
      time-to-give-up timeout every time we manage to write something
      on the socket. Bugfix on 0.1.2.x.
    - Change the behavior of "getinfo status/good-server-descriptor"
      so it doesn't return failure when any authority disappears.
    - Even though the man page said that "TrackHostExits ." should
      work, nobody had ever implemented it. Bugfix on 0.1.0.x.
    - Report TLS "zero return" case as a "clean close" and "IO error"
      as a "close". Stop calling closes "unexpected closes": existing
      Tors don't use SSL_close(), so having a connection close without
      the TLS shutdown handshake is hardly unexpected.
    - Send NAMESERVER_STATUS messages for a single failed nameserver
      correctly.

o Code simplifications and refactoring:
    - Remove the tor_strpartition function: its logic was confused,
      and it was only used for one thing that could be implemented far
      more easily.

Changes in version 0.2.0.19-alpha - 2008-02-09
  Tor 0.2.0.19-alpha makes more progress towards normalizing Tor's TLS
  handshake, makes path selection for relays more secure and IP address
  guessing more robust, and generally fixes a lot of bugs in preparation
  for calling the 0.2.0 branch stable.

o Major features:
    - Do not include recognizeable strings in the commonname part of
      Tor's x509 certificates.

o Major bugfixes:
    - If we're a relay, avoid picking ourselves as an introduction point,
      a rendezvous point, or as the final hop for internal circuits. Bug
      reported by taranis and lodger. Bugfix on 0.1.2.x.
    - Patch from "Andrew S. Lists" to catch when we contact a directory
      mirror at IP address X and he says we look like we're coming from
      IP address X. Bugfix on 0.1.2.x.

o Minor features (security):
    - Be more paranoid about overwriting sensitive memory on free(),
      as a defensive programming tactic to ensure forward secrecy.

o Minor features (directory authority):
    - Actually validate the options passed to AuthDirReject,
      AuthDirInvalid, AuthDirBadDir, and AuthDirBadExit.
    - Reject router descriptors with out-of-range bandwidthcapacity or
      bandwidthburst values.

o Minor features (controller):
    - Reject controller commands over 1MB in length.  This keeps rogue
      processes from running us out of memory.

o Minor features (misc):
    - Give more descriptive well-formedness errors for out-of-range
      hidden service descriptor/protocol versions.
    - Make memory debugging information describe more about history
      of cell allocation, so we can help reduce our memory use.

o Deprecated features (controller):
    - The status/version/num-versioning and status/version/num-concurring
      GETINFO options are no longer useful in the v3 directory protocol:
      treat them as deprecated, and warn when they're used.

o Minor bugfixes:
    - When our consensus networkstatus has been expired for a while, stop
      being willing to build circuits using it. Fixes bug 401. Bugfix
      on 0.1.2.x.
    - Directory caches now fetch certificates from all authorities
      listed in a networkstatus consensus, even when they do not
      recognize them. Fixes bug 571. Bugfix on 0.2.0.x.
    - When connecting to a bridge without specifying its key, insert
      the connection into the identity-to-connection map as soon as
      a key is learned. Fixes bug 574. Bugfix on 0.2.0.x.
    - Detect versions of OS X where malloc_good_size() is present in the
      library but never actually declared. Resolves bug 587. Bugfix
      on 0.2.0.x.
    - Stop incorrectly truncating zlib responses to directory authority
      signature download requests. Fixes bug 593. Bugfix on 0.2.0.x.
    - Stop recommending that every server operator send mail to tor-ops.
      Resolves bug 597. Bugfix on 0.1.2.x.
    - Don't trigger an assert if we start a directory authority with a
      private IP address (like 127.0.0.1).
    - Avoid possible failures when generating a directory with routers
      with over-long versions strings, or too many flags set. Bugfix
      on 0.1.2.x.
    - If an attempt to launch a DNS resolve request over the control
      port fails because we have overrun the limit on the number of
      connections, tell the controller that the request has failed.
    - Avoid using too little bandwidth when our clock skips a few
      seconds. Bugfix on 0.1.2.x.
    - Fix shell error when warning about missing packages in configure
      script, on Fedora or Red Hat machines. Bugfix on 0.2.0.x.
    - Do not become confused when receiving a spurious VERSIONS-like
      cell from a confused v1 client.  Bugfix on 0.2.0.x.
    - Re-fetch v2 (as well as v0) rendezvous descriptors when all
      introduction points for a hidden service have failed. Patch from
      Karsten Loesing. Bugfix on 0.2.0.x.

o Code simplifications and refactoring:
    - Remove some needless generality from cpuworker code, for improved
      type-safety.
    - Stop overloading the circuit_t.onionskin field for both "onionskin
      from a CREATE cell that we are waiting for a cpuworker to be
      assigned" and "onionskin from an EXTEND cell that we are going to
      send to an OR as soon as we are connected". Might help with bug 600.
    - Add an in-place version of aes_crypt() so that we can avoid doing a
      needless memcpy() call on each cell payload.

Changes in version 0.2.0.18-alpha - 2008-01-25
  Tor 0.2.0.18-alpha adds a sixth v3 directory authority run by CCC,
  fixes a big memory leak in 0.2.0.17-alpha, and adds new config options
  that can warn or reject connections to ports generally associated with
  vulnerable-plaintext protocols.

o New directory authorities:
    - Set up dannenberg (run by CCC) as the sixth v3 directory
      authority.

o Major bugfixes:
    - Fix a major memory leak when attempting to use the v2 TLS
      handshake code. Bugfix on 0.2.0.x; fixes bug 589.
    - We accidentally enabled the under-development v2 TLS handshake
      code, which was causing log entries like "TLS error while
      renegotiating handshake". Disable it again. Resolves bug 590.
    - We were computing the wrong Content-Length: header for directory
      responses that need to be compressed on the fly, causing clients
      asking for those items to always fail. Bugfix on 0.2.0.x; partially
      fixes bug 593.

o Major features:
    - Avoid going directly to the directory authorities even if you're a
      relay, if you haven't found yourself reachable yet or if you've
      decided not to advertise your dirport yet. Addresses bug 556.
    - If we've gone 12 hours since our last bandwidth check, and we
      estimate we have less than 50KB bandwidth capacity but we could
      handle more, do another bandwidth test.
    - New config options WarnPlaintextPorts and RejectPlaintextPorts so
      Tor can warn and/or refuse connections to ports commonly used with
      vulnerable-plaintext protocols. Currently we warn on ports 23,
      109, 110, and 143, but we don't reject any.

o Minor bugfixes:
    - When we setconf ClientOnly to 1, close any current OR and Dir
      listeners. Reported by mwenge.
    - When we get a consensus that's been signed by more people than
      we expect, don't log about it; it's not a big deal. Reported
      by Kyle Williams.

o Minor features:
    - Don't answer "/tor/networkstatus-bridges" directory requests if
      the request isn't encrypted.
    - Make "ClientOnly 1" config option disable directory ports too.
    - Patches from Karsten Loesing to make v2 hidden services more
      robust: work even when there aren't enough HSDir relays available;
      retry when a v2 rend desc fetch fails; but don't retry if we
      already have a usable v0 rend desc.

Changes in version 0.2.0.17-alpha - 2008-01-17
  Tor 0.2.0.17-alpha makes the tarball build cleanly again (whoops).

o Compile fixes:
    - Make the tor-gencert man page get included correctly in the tarball.

Changes in version 0.2.0.16-alpha - 2008-01-17
  Tor 0.2.0.16-alpha adds a fifth v3 directory authority run by Karsten
  Loesing, and generally cleans up a lot of features and minor bugs.

o New directory authorities:
    - Set up gabelmoo (run by Karsten Loesing) as the fifth v3 directory
      authority.

o Major performance improvements:
    - Switch our old ring buffer implementation for one more like that
      used by free Unix kernels. The wasted space in a buffer with 1mb
      of data will now be more like 8k than 1mb. The new implementation
      also avoids realloc();realloc(); patterns that can contribute to
      memory fragmentation.

o Minor features:
    - Configuration files now accept C-style strings as values. This
      helps encode characters not allowed in the current configuration
      file format, such as newline or #. Addresses bug 557.
    - Although we fixed bug 539 (where servers would send HTTP status 503
      responses _and_ send a body too), there are still servers out
      there that haven't upgraded. Therefore, make clients parse such
      bodies when they receive them.
    - When we're not serving v2 directory information, there is no reason
      to actually keep any around. Remove the obsolete files and directory
      on startup if they are very old and we aren't going to serve them.

o Minor performance improvements:
    - Reference-count and share copies of address policy entries; only 5%
      of them were actually distinct.
    - Never walk through the list of logs if we know that no log is
      interested in a given message.

o Minor bugfixes:
    - When an authority has not signed a consensus, do not try to
      download a nonexistent "certificate with key 00000000". Bugfix
      on 0.2.0.x. Fixes bug 569.
    - Fix a rare assert error when we're closing one of our threads:
      use a mutex to protect the list of logs, so we never write to the
      list as it's being freed. Bugfix on 0.1.2.x. Fixes the very rare
      bug 575, which is kind of the revenge of bug 222.
    - Patch from Karsten Loesing to complain less at both the client
      and the relay when a relay used to have the HSDir flag but doesn't
      anymore, and we try to upload a hidden service descriptor.
    - Stop leaking one cert per TLS context. Fixes bug 582. Bugfix on
      0.2.0.15-alpha.
    - Do not try to download missing certificates until we have tried
      to check our fallback consensus. Fixes bug 583.
    - Make bridges round reported GeoIP stats info up to the nearest
      estimate, not down. Now we can distinguish between "0 people from
      this country" and "1 person from this country".
    - Avoid a spurious free on base64 failure. Bugfix on 0.1.2.
    - Avoid possible segfault if key generation fails in
      crypto_pk_hybrid_encrypt. Bugfix on 0.2.0.
    - Avoid segfault in the case where a badly behaved v2 versioning
      directory sends a signed networkstatus with missing client-versions.
      Bugfix on 0.1.2.
    - Avoid segfaults on certain complex invocations of
      router_get_by_hexdigest(). Bugfix on 0.1.2.
    - Correct bad index on array access in parse_http_time(). Bugfix
      on 0.2.0.
    - Fix possible bug in vote generation when server versions are present
      but client versions are not.
    - Fix rare bug on REDIRECTSTREAM control command when called with no
      port set: it could erroneously report an error when none had
      happened.
    - Avoid bogus crash-prone, leak-prone tor_realloc when we're
      compressing large objects and find ourselves with more than 4k
      left over. Bugfix on 0.2.0.
    - Fix a small memory leak when setting up a hidden service.
    - Fix a few memory leaks that could in theory happen under bizarre
      error conditions.
    - Fix an assert if we post a general-purpose descriptor via the
      control port but that descriptor isn't mentioned in our current
      network consensus. Bug reported by Jon McLachlan; bugfix on
      0.2.0.9-alpha.

o Minor features (controller):
    - Get NS events working again. Patch from tup.
    - The GETCONF command now escapes and quotes configuration values
      that don't otherwise fit into the torrc file.
    - The SETCONF command now handles quoted values correctly.

o Minor features (directory authorities):
    - New configuration options to override default maximum number of
      servers allowed on a single IP address. This is important for
      running a test network on a single host.
    - Actually implement the -s option to tor-gencert.
    - Add a manual page for tor-gencert.

o Minor features (bridges):
    - Bridge authorities no longer serve bridge descriptors over
      unencrypted connections.

o Minor features (other):
    - Add hidden services and DNSPorts to the list of things that make
      Tor accept that it has running ports. Change starting Tor with no
      ports from a fatal error to a warning; we might change it back if
      this turns out to confuse anybody. Fixes bug 579.

Changed in tor:
status:	New → Confirmed

Revision history for this message

Scott Kitterman (kitterman) wrote on 2008-10-08: Re: [Bug 261693] [NEW] version bump to 0.2.X

#8

We should always release with the latest Tor. +1 from me.

Revision history for this message

StefanPotyra (sistpoty) wrote on 2008-10-09: Re: [FFe] tor version bump to 0.2.X

#9

*nod*, please go ahead.

Revision history for this message

Fabrice Coutadeur (fabricesp) wrote on 2008-10-09:

#10

So please sync tor from Lenny repository

Revision history for this message

James Westby (james-w) wrote on 2008-10-09: Re: [Sync request][FFe] tor version bump to 0.2.X

#11

ACK from me, looks good.

Thanks,

James

Revision history for this message

Martin Pitt (pitti) wrote on 2008-10-10:

#12

[Updating] tor (0.1.2.19-3 [Ubuntu] < 0.2.0.31-1 [Debian])
* Trying to add tor...
  - <tor_0.2.0.31.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
  - <tor_0.2.0.31-1.dsc: downloading from http://ftp.debian.org/debian/>
  - <tor_0.2.0.31-1.diff.gz: downloading from http://ftp.debian.org/debian/>
I: tor [universe] -> tor_0.1.2.19-3 [universe].
I: tor [universe] -> tor-dbg_0.1.2.19-3 [universe].

Changed in tor:
status:	Confirmed → Fix Released

Ubuntu
tor package

Please sync tor 0.2.0.31-1 (universe) from Debian unstable (main)

Bug Description

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntutor package

Please sync tor 0.2.0.31-1 (universe) from Debian unstable (main)

Bug Description

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
tor package