Tor v0.2.0.3-alpha
Jul 30th, 2007 by anonymous
Roger Dingledine just bumped Tor SVN revision 10982 (/tor/trunk) to 0.2.0.3-alpha and put it up for immediate testing at http://freehaven.net/~arma/tor-0.2.0.3-alpha.tar.gz
The Changelog.
The 0.2.0.3-alpha changelog reads as follows:
Changes in version 0.2.0.3-alpha - 2007-07-29
o Major features:
- Create listener connections before we setuid to the configured
User and Group. Now you can choose port values under 1024, start
Tor as root, and have Tor bind those ports before it changes to
another UID.
- New ConstrainedSockets option to set SO_SNDBUF and SO_RCVBUF on TCP
sockets. Hopefully useful for Tor servers running on “vserver”
accounts. (Patch from coderman.)
- Be even more aggressive about separating local traffic from relayed
traffic when RelayBandwidthRate is set. (Refines proposal 111.)
o Major features (experimental):
- First cut of code for directory authorities to vote on a common
network status document rather than each publishing their own
opinion. This code needs more testing and more corner-case handling
before it’s ready for use.
o Security fixes:
- Directory authorities now call routers Fast if their bandwidth is
at least 100KB/s, and consider their bandwidth adequate to be a
Guard if it is at least 250KB/s, no matter the medians. This fix
complements proposal 107. [Bugfix on 0.1.2.x]
- Directory authorities now never mark more than 3 servers per IP as
Valid and Running. (Implements proposal 109, by Kevin Bauer and
Damon McCoy.)
- Minor change to organizationName and commonName generation procedures
in certificates, to invalidate some earlier censorware approaches.
This is not a long-term solution, but applying it will give us a bit of
time to look into the epidemiology of countermeasures as they spread.
o Major bugfixes (directory):
- Rewrite directory tokenization code to never run off the end of
a string. Fixes bug 455. Patch from croup. [Bugfix on 0.1.2.x]
o Minor features (controller):
- Add a SOURCE_ADDR field to STREAM NEW events so that controllers can
match requests to applications. (Patch from Robert Hogan.)
- Report address and port correctly on connections to DNSPort. (Patch
from Robert Hogan.)
- Add a RESOLVE command to launch hostname lookups. (Original patch
from Robert Hogan.)
- Add GETINFO status/enough-dir-info to let controllers tell whether
Tor has downloaded sufficient directory information. (Patch
from Tup.)
- You can now use the ControlSocket option to tell Tor to listen for
controller connections on Unix domain sockets on systems that
support them. (Patch from Peter Palfrader.)
- STREAM NEW events are generated for DNSPort requests and for
tunneled directory connections. (Patch from Robert Hogan.)
- New “GETINFO address-mappings/*” command to get address mappings
with expiry information. “addr-mappings/*” is now deprecated.
(Patch from Tup.)
o Minor features (misc):
- Merge in some (as-yet-unused) IPv6 address manipulation code. (Patch
from croup.)
- The tor-gencert tool now creates all files as readable to the file
creator only, and write-protects the authority identity key.
- When dumping memory usage, list bytes used in buffer memory
free-lists.
- When running with dmalloc, dump more stats on hup and on exit.
- Directory authorities now fail quickly and (relatively) harmlessly
if they generate a network status document that is somehow
malformed.
o Performance improvements:
- Be more aggressive with freeing buffer RAM or putting it on the
free lists.
- If exit bandwidth ever exceeds one third of total bandwidth, then
use the correct formula to weight exit nodes when choosing paths.
(Based on patch from Mike Perry.)
- Use Critical Sections rather than Mutexes for synchronizing threads
on win32; Mutexes are heavier-weight, and designed for synchronizing
between processes.
o Deprecated and removed features:
- RedirectExits is now deprecated.
- Stop allowing address masks that do not correspond to bit prefixes.
We have warned about these for a really long time; now it’s time
to reject them. (Patch from croup.)
o Minor bugfixes (directory):
- Fix another crash bug related to extra-info caching. (Bug found by
Peter Palfrader.) [Bugfix on 0.2.0.2-alpha]
- Directories no longer return a “304 not modified” when they don’t
have the networkstatus the client asked for. Also fix a memory
leak when returning 304 not modified. [Bugfixes on 0.2.0.2-alpha]
- We had accidentally labelled 0.1.2.x directory servers as not
suitable for begin_dir requests, and had labelled no directory
servers as suitable for uploading extra-info documents. [Bugfix
on 0.2.0.1-alpha]
o Minor bugfixes (dns):
- Fix a crash when DNSPort is set more than once. (Patch from Robert
Hogan.) [Bugfix on 0.2.0.2-alpha]
- Add DNSPort connections to the global connection list, so that we
can time them out correctly. (Bug found by Robert Hogan.) [Bugfix
on 0.2.0.2-alpha]
- Fix a dangling reference that could lead to a crash when DNSPort is
changed or closed (Patch from Robert Hogan.) [Bugfix on
0.2.0.2-alpha]
o Minor bugfixes (controller):
- Provide DNS expiry times in GMT, not in local time. For backward
compatibility, ADDRMAP events only provide GMT expiry in an extended
field. “GETINFO address-mappings” always does the right thing.
- Use CRLF line endings properly in NS events.
- Terminate multi-line control events properly. (Original patch from tup.)
[Bugfix on 0.1.2.x-alpha]
- Do not include spaces in SOURCE_ADDR fields in STREAM events. Resolves
bug 472. [Bugfix on 0.2.0.x-alpha]
o Minor bugfixes (misc):
- Choose perfectly fairly among routers when choosing by bandwidth and
weighting by fraction of bandwidth provided by exits. Previously, we
would choose with only approximate fairness, and correct ourselves
if we ran off the end of the list. [Bugfix on 0.1.2.x]
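To illustrate the "address masks that do not correspond to bit prefixes" item in the changelog above, here is an added example (not Tor's own code; the function names are hypothetical) that parses an IPv4 "addr/bits" or "addr/dotted-mask" spec and rejects any dotted mask that is not a run of one-bits followed by zero-bits:

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Return the prefix length (0..32) if mask, in host byte order, is N
 * one-bits followed only by zero-bits; return -1 for any other mask. */
int mask_to_prefix_len(uint32_t mask)
{
    uint32_t inv = ~mask;          /* a prefix mask inverts to 2^k - 1 */
    int bits = 0;
    if ((inv & (inv + 1)) != 0)    /* inv is not of the form 0..01..1 */
        return -1;
    while (mask & 0x80000000u) { bits++; mask <<= 1; }
    return bits;
}

/* Parse "a.b.c.d", "a.b.c.d/N" or "a.b.c.d/m.m.m.m". On success store the
 * network address (host byte order) and prefix length and return 0.
 * Return -1 for malformed input or a mask that is not a bit prefix. */
int parse_addr_and_mask(const char *spec, uint32_t *net, int *bits)
{
    char buf[64], *slash, *end;
    struct in_addr a, m;
    long n;

    if (strlen(spec) >= sizeof(buf)) return -1;
    strcpy(buf, spec);
    slash = strchr(buf, '/');
    if (slash) *slash++ = '\0';
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;

    if (!slash) {
        *bits = 32;                                /* single host */
    } else if (strchr(slash, '.')) {               /* dotted-quad mask */
        if (inet_pton(AF_INET, slash, &m) != 1) return -1;
        *bits = mask_to_prefix_len(ntohl(m.s_addr));
        if (*bits < 0) return -1;                  /* e.g. 255.0.255.0 */
    } else {                                       /* bit count */
        if (slash[0] < '0' || slash[0] > '9') return -1;
        n = strtol(slash, &end, 10);
        if (*end != '\0' || n > 32) return -1;
        *bits = (int)n;
    }
    *net = ntohl(a.s_addr) & (*bits ? 0xFFFFFFFFu << (32 - *bits) : 0);
    return 0;
}
```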
No announcement yet
The Changelog is in the SVN. The package is packed. 2.0.3 is as good as released.
But it must be mentioned that there is no official announcement at this point in time. However, tor-0.2.0.3-alpha.tar.gz will be available at the official site & mirrors in addition to http://freehaven.net/~arma/tor-0.2.0.3-a… shortly.
You can also get the source code for this exact version using the following command:
svn checkout https://tor-svn.freehaven.net/svn/tor/tr… tor -r 10982
DNS Server
One last detail. The latest Tor version can be used as a DNS server. All you have to do is add something like this to your torrc:
DNSPort 53
DNSListenAddress 127.0.0.1
Root involvement also nice
New versions can also start as root, bind to low ports and then leave root and run doggedly on as whatever user you’ve set using User and Group in torrc.
Happy upgrading… and good luck.
