标题:Tor 0.3.0.6 is released: a new series is stable!
作者:nickm
日期:2017-05-03 10:36:22
内容:

Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.

With the 0.3.0 series, clients and relays now use Ed25519 keys to authenticate their link connections to relays, rather than the old RSA1024 keys that they used before. (Circuit crypto has been Curve25519-authenticated since 0.2.4.8-alpha.) We have also replaced the guard selection and replacement algorithm to behave more robustly in the presence of unreliable networks, and to resist guard- capture attacks.

This series also includes numerous other small features and bugfixes, along with more groundwork for the upcoming hidden-services revamp.

Per our stable release policy, we plan to support the Tor 0.3.0 release series for at least the next nine months, or for three months after the first stable release of the 0.3.1 series: whichever is longer. If you need a release with long-term support, we recommend that you stay with the 0.2.9 series.

If you build Tor from source, you can find it at the usual place on the website. Packages should be ready over the next weeks, with a Tor Browser release in late May or early June.

Below are the changes since 0.2.9.10. For a list of only the changes since 0.3.0.5-rc, see the ChangeLog file.

Changes in version 0.3.0.6 - 2017-04-26

• Major features (directory authority, security):
  • The default for AuthDirPinKeys is now 1: directory authorities will reject relays where the RSA identity key matches a previously seen value, but the Ed25519 key has changed. Closes ticket 18319.
• Major features (guard selection algorithm):
  • Tor's guard selection algorithm has been redesigned from the ground up, to better support unreliable networks and restrictive sets of entry nodes, and to better resist guard-capture attacks by hostile local networks. Implements proposal 271; closes ticket 19877.

• Major features (next-generation hidden services):
  • Relays can now handle v3 ESTABLISH_INTRO cells as specified by prop224 aka "Next Generation Hidden Services". Service and clients don't use this functionality yet. Closes ticket 19043. Based on initial code by Alec Heifetz.
  • Relays now support the HSDir version 3 protocol, so that they can can store and serve v3 descriptors. This is part of the next- generation onion service work detailled in proposal 224. Closes ticket 17238.
• Major features (protocol, ed25519 identity keys):
  • Clients now support including Ed25519 identity keys in the EXTEND2 cells they generate. By default, this is controlled by a consensus parameter, currently disabled. You can turn this feature on for testing by setting ExtendByEd25519ID in your configuration. This might make your traffic appear different than the traffic generated by other users, however. Implements part of ticket 15056; part of proposal 220.
  • Relays now understand requests to extend to other relays by their Ed25519 identity keys. When an Ed25519 identity key is included in an EXTEND2 cell, the relay will only extend the circuit if the other relay can prove ownership of that identity. Implements part of ticket 15056; part of proposal 220.
  • Relays now use Ed25519 to prove their Ed25519 identities and to one another, and to clients. This algorithm is faster and more secure than the RSA-based handshake we've been doing until now. Implements the second big part of proposal 220; Closes ticket 15055.
• Major features (security):
  • Change the algorithm used to decide DNS TTLs on client and server side, to better resist DNS-based correlation attacks like the DefecTor attack of Greschbach, Pulls, Roberts, Winter, and Feamster. Now relays only return one of two possible DNS TTL values, and clients are willing to believe DNS TTL values up to 3 hours long. Closes ticket 19769.
• Major bugfixes (client, onion service, also in 0.2.9.9):
  • Fix a client-side onion service reachability bug, where multiple socks requests to an onion service (or a single slow request) could cause us to mistakenly mark some of the service's introduction points as failed, and we cache that failure so eventually we run out and can't reach the service. Also resolves a mysterious "Remote server sent bogus reason code 65021" log warning. The bug was introduced in ticket 17218, where we tried to remember the circuit end reason as a uint16_t, which mangled negative values. Partially fixes bug 21056 and fixes bug 20307; bugfix on 0.2.8.1-alpha.
• Major bugfixes (crash, directory connections):
  • Fix a rare crash when sending a begin cell on a circuit whose linked directory connection had already been closed. Fixes bug 21576; bugfix on 0.2.9.3-alpha. Reported by Alec Muffett.
• Major bugfixes (directory authority):
  • During voting, when marking a relay as a probable sybil, do not clear its BadExit flag: sybils can still be bad in other ways too. (We still clear the other flags.) Fixes bug 21108; bugfix on 0.2.0.13-alpha.
• Major bugfixes (DNS):
  • Fix a bug that prevented exit nodes from caching DNS records for more than 60 seconds. Fixes bug 19025; bugfix on 0.2.4.7-alpha.
• Major bugfixes (IPv6 Exits):
  • Stop rejecting all IPv6 traffic on Exits whose exit policy rejects any IPv6 addresses. Instead, only reject a port over IPv6 if the exit policy rejects that port on more than an IPv6 /16 of addresses. This bug was made worse by 17027 in 0.2.8.1-alpha, which rejected a relay's own IPv6 address by default. Fixes bug 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
• Major bugfixes (parsing):
  • Fix an integer underflow bug when comparing malformed Tor versions. This bug could crash Tor when built with --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with -ftrapv by default. In other cases it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix on 0.0.8pre1. Found by OSS-Fuzz.
  • When parsing a malformed content-length field from an HTTP message, do not read off the end of the buffer. This bug was a potential remote denial-of-service attack against Tor clients and relays. A workaround was released in October 2016, to prevent this bug from crashing Tor. This is a fix for the underlying issue, which should no longer matter (if you applied the earlier patch). Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing using AFL (http://lcamtuf.coredump.cx/afl/).
• Major bugfixes (scheduler):
  • Actually compare circuit policies in ewma_cmp_cmux(). This bug caused the channel scheduler to behave more or less randomly, rather than preferring channels with higher-priority circuits. Fixes bug 20459; bugfix on 0.2.6.2-alpha.
• Major bugfixes (security, also in 0.2.9.9):
  • Downgrade the "-ftrapv" option from "always on" to "only on when --enable-expensive-hardening is provided." This hardening option, like others, can turn survivable bugs into crashes--and having it on by default made a (relatively harmless) integer overflow bug into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on 0.2.9.1-alpha.
• Minor feature (client):
  • Enable IPv6 traffic on the SocksPort by default. To disable this, a user will have to specify "NoIPv6Traffic". Closes ticket 21269.
• Minor feature (fallback scripts):
  • Add a check_existing mode to updateFallbackDirs.py, which checks if fallbacks in the hard-coded list are working. Closes ticket 20174. Patch by haxxpop.
• Minor feature (protocol versioning):
  • Add new protocol version for proposal 224. HSIntro now advertises version "3-4" and HSDir version "1-2". Fixes ticket 20656.
• Minor features (ciphersuite selection):
  • Allow relays to accept a wider range of ciphersuites, including chacha20-poly1305 and AES-CCM. Closes the other part of 15426.
  • Clients now advertise a list of ciphersuites closer to the ones preferred by Firefox. Closes part of ticket 15426.
• Minor features (controller):
  • Add "GETINFO sr/current" and "GETINFO sr/previous" keys, to expose shared-random values to the controller. Closes ticket 19925.
  • When HSFETCH arguments cannot be parsed, say "Invalid argument" rather than "unrecognized." Closes ticket 20389; patch from Ivan Markin.
• Minor features (controller, configuration):
  • Each of the *Port options, such as SocksPort, ORPort, ControlPort, and so on, now comes with a __*Port variant that will not be saved to the torrc file by the controller's SAVECONF command. This change allows TorBrowser to set up a single-use domain socket for each time it launches Tor. Closes ticket 20956.
  • The GETCONF command can now query options that may only be meaningful in context-sensitive lists. This allows the controller to query the mixed SocksPort/__SocksPort style options introduced in feature 20956. Implements ticket 21300.
• Minor features (diagnostic, directory client):
  • Warn when we find an unexpected inconsistency in directory download status objects. Prevents some negative consequences of bug 20593.
• Minor features (directory authorities):
  • Directory authorities now reject descriptors that claim to be malformed versions of Tor. Helps prevent exploitation of bug 21278.
  • Reject version numbers with components that exceed INT32_MAX. Otherwise 32-bit and 64-bit platforms would behave inconsistently. Fixes bug 21450; bugfix on 0.0.8pre1.
• Minor features (directory authority):
  • Add a new authority-only AuthDirTestEd25519LinkKeys option (on by default) to control whether authorities should try to probe relays by their Ed25519 link keys. This option will go away in a few releases--unless we encounter major trouble in our ed25519 link protocol rollout, in which case it will serve as a safety option.
• Minor features (directory cache):
  • Relays and bridges will now refuse to serve the consensus they have if they know it is too old for a client to use. Closes ticket 20511.
• Minor features (ed25519 link handshake):
  • Advertise support for the ed25519 link handshake using the subprotocol-versions mechanism, so that clients can tell which relays can identity themselves by Ed25519 ID. Closes ticket 20552.
• Minor features (entry guards):
  • Add UseEntryGuards to TEST_OPTIONS_DEFAULT_VALUES in order to not break regression tests.
  • Require UseEntryGuards when UseBridges is set, in order to make sure bridges aren't bypassed. Resolves ticket 20502.
• Minor features (fallback directories):
  • Allow 3 fallback relays per operator, which is safe now that we are choosing 200 fallback relays. Closes ticket 20912.
  • Annotate updateFallbackDirs.py with the bandwidth and consensus weight for each candidate fallback. Closes ticket 20878.
  • Display the relay fingerprint when downloading consensuses from fallbacks. Closes ticket 20908.
  • Exclude relays affected by bug 20499 from the fallback list. Exclude relays from the fallback list if they are running versions known to be affected by bug 20499, or if in our tests they deliver a stale consensus (i.e. one that expired more than 24 hours ago). Closes ticket 20539.
  • Make it easier to change the output sort order of fallbacks. Closes ticket 20822.
  • Reduce the minimum fallback bandwidth to 1 MByte/s. Part of ticket 18828.
  • Require fallback directories to have the same address and port for 7 days (now that we have enough relays with this stability). Relays whose OnionOO stability timer is reset on restart by bug 18050 should upgrade to Tor 0.2.8.7 or later, which has a fix for this issue. Closes ticket 20880; maintains short-term fix in 0.2.8.2-alpha.
  • Require fallbacks to have flags for 90% of the time (weighted decaying average), rather than 95%. This allows at least 73% of clients to bootstrap in the first 5 seconds without contacting an authority. Part of ticket 18828.
  • Select 200 fallback directories for each release. Closes ticket 20881.
• Minor features (fingerprinting resistence, authentication):
  • Extend the length of RSA keys used for TLS link authentication to 2048 bits. (These weren't used for forward secrecy; for forward secrecy, we used P256.) Closes ticket 13752.
• Minor features (geoip):
  • Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2 Country database.
• Minor features (geoip, also in 0.2.9.9):
  • Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 Country database.
• Minor features (infrastructure):
  • Implement smartlist_add_strdup() function. Replaces the use of smartlist_add(sl, tor_strdup(str)). Closes ticket 20048.
• Minor features (linting):
  • Enhance the changes file linter to warn on Tor versions that are prefixed with "tor-". Closes ticket 21096.
• Minor features (logging):
  • In several places, describe unset ed25519 keys as "<unset>", rather than the scary "AAAAAAAA...AAA". Closes ticket 21037.
• Minor features (portability, compilation):
  • Autoconf now checks to determine if OpenSSL structures are opaque, instead of explicitly checking for OpenSSL version numbers. Part of ticket 21359.
  • Support building with recent LibreSSL code that uses opaque structures. Closes ticket 21359.
• Minor features (relay):
  • We now allow separation of exit and relay traffic to different source IP addresses, using the OutboundBindAddressExit and OutboundBindAddressOR options respectively. Closes ticket 17975. Written by Michael Sonntag.
• Minor features (reliability, crash):
  • Try better to detect problems in buffers where they might grow (or think they have grown) over 2 GB in size. Diagnostic for bug 21369.
• Minor features (testing):
  • During 'make test-network-all', if tor logs any warnings, ask chutney to output them. Requires a recent version of chutney with the 21572 patch. Implements 21570.
• Minor bugfix (control protocol):
  • The reply to a "GETINFO config/names" request via the control protocol now spells the type "Dependent" correctly. This is a breaking change in the control protocol. (The field seems to be ignored by the most common known controllers.) Fixes bug 18146; bugfix on 0.1.1.4-alpha.
  • The GETINFO extra-info/digest/<digest> command was broken because of a wrong base16 decode return value check, introduced when refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
• Minor bugfix (logging):
  • Don't recommend the use of Tor2web in non-anonymous mode. Recommending Tor2web is a bad idea because the client loses all anonymity. Tor2web should only be used in specific cases by users who *know* and understand the issues. Fixes bug 21294; bugfix on 0.2.9.3-alpha.
• Minor bugfixes (bug resilience):
  • Fix an unreachable size_t overflow in base64_decode(). Fixes bug 19222; bugfix on 0.2.0.9-alpha. Found by Guido Vranken; fixed by Hans Jerry Illikainen.
• Minor bugfixes (build):
  • Replace obsolete Autoconf macros with their modern equivalent and prevent similar issues in the future. Fixes bug 20990; bugfix on 0.1.0.1-rc.
• Minor bugfixes (certificate expiration time):
  • Avoid using link certificates that don't become valid till some time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha
• Minor bugfixes (client):
  • Always recover from failures in extend_info_from_node(), in an attempt to prevent any recurrence of bug 21242. Fixes bug 21372; bugfix on 0.2.3.1-alpha.
  • When clients that use bridges start up with a cached consensus on disk, they were ignoring it and downloading a new one. Now they use the cached one. Fixes bug 20269; bugfix on 0.2.3.12-alpha.
• Minor bugfixes (code correctness):
  • Repair a couple of (unreachable or harmless) cases of the risky comparison-by-subtraction pattern that caused bug 21278.
• Minor bugfixes (config):
  • Don't assert on startup when trying to get the options list and LearnCircuitBuildTimeout is set to 0: we are currently parsing the options so of course they aren't ready yet. Fixes bug 21062; bugfix on 0.2.9.3-alpha.
• Minor bugfixes (configuration):
  • Accept non-space whitespace characters after the severity level in the `Log` option. Fixes bug 19965; bugfix on 0.2.1.1-alpha.
  • Support "TByte" and "TBytes" units in options given in bytes. "TB", "terabyte(s)", "TBit(s)" and "terabit(s)" were already supported. Fixes bug 20622; bugfix on 0.2.0.14-alpha.
• Minor bugfixes (configure, autoconf):
  • Rename the configure option --enable-expensive-hardening to --enable-fragile-hardening. Expensive hardening makes the tor daemon abort when some kinds of issues are detected. Thus, it makes tor more at risk of remote crashes but safer against RCE or heartbleed bug category. We now try to explain this issue in a message from the configure script. Fixes bug 21290; bugfix on 0.2.5.4-alpha.
• Minor bugfixes (consensus weight):
  • Add new consensus method that initializes bw weights to 1 instead of 0. This prevents a zero weight from making it all the way to the end (happens in small testing networks) and causing an error. Fixes bug 14881; bugfix on 0.2.2.17-alpha.
• Minor bugfixes (crash prevention):
  • Fix an (currently untriggerable, but potentially dangerous) crash bug when base32-encoding inputs whose sizes are not a multiple of 5. Fixes bug 21894; bugfix on 0.2.9.1-alpha.
• Minor bugfixes (dead code):
  • Remove a redundant check for PidFile changes at runtime in options_transition_allowed(): this check is already performed regardless of whether the sandbox is active. Fixes bug 21123; bugfix on 0.2.5.4-alpha.
• Minor bugfixes (descriptors):
  • Correctly recognise downloaded full descriptors as valid, even when using microdescriptors as circuits. This affects clients with FetchUselessDescriptors set, and may affect directory authorities. Fixes bug 20839; bugfix on 0.2.3.2-alpha.
• Minor bugfixes (directory mirrors):
  • Allow relays to use directory mirrors without a DirPort: these relays need to be contacted over their ORPorts using a begindir connection. Fixes one case of bug 20711; bugfix on 0.2.8.2-alpha.
  • Clarify the message logged when a remote relay is unexpectedly missing an ORPort or DirPort: users were confusing this with a local port. Fixes another case of bug 20711; bugfix on 0.2.8.2-alpha.
• Minor bugfixes (directory system):
  • Bridges and relays now use microdescriptors (like clients do) rather than old-style router descriptors. Now bridges will blend in with clients in terms of the circuits they build. Fixes bug 6769; bugfix on 0.2.3.2-alpha.
  • Download all consensus flavors, descriptors, and authority certificates when FetchUselessDescriptors is set, regardless of whether tor is a directory cache or not. Fixes bug 20667; bugfix on all recent tor versions.
• Minor bugfixes (documentation):
  • Update the tor manual page to document every option that can not be changed while tor is running. Fixes bug 21122.
• Minor bugfixes (ed25519 certificates):
  • Correctly interpret ed25519 certificates that would expire some time after 19 Jan 2038. Fixes bug 20027; bugfix on 0.2.7.2-alpha.
• Minor bugfixes (fallback directories):
  • Avoid checking fallback candidates' DirPorts if they are down in OnionOO. When a relay operator has multiple relays, this prioritizes relays that are up over relays that are down. Fixes bug 20926; bugfix on 0.2.8.3-alpha.
  • Stop failing when OUTPUT_COMMENTS is True in updateFallbackDirs.py. Fixes bug 20877; bugfix on 0.2.8.3-alpha.
  • Stop failing when a relay has no uptime data in updateFallbackDirs.py. Fixes bug 20945; bugfix on 0.2.8.1-alpha.
• Minor bugfixes (hidden service):
  • Clean up the code for expiring intro points with no associated circuits. It was causing, rarely, a service with some expiring introduction points to not open enough additional introduction points. Fixes part of bug 21302; bugfix on 0.2.7.2-alpha.
  • Resolve two possible underflows which could lead to creating and closing a lot of introduction point circuits in a non-stop loop. Fixes bug 21302; bugfix on 0.2.7.2-alpha.
  • Stop setting the torrc option HiddenServiceStatistics to "0" just because we're not a bridge or relay. Instead, we preserve whatever value the user set (or didn't set). Fixes bug 21150; bugfix on 0.2.6.2-alpha.
• Minor bugfixes (hidden services):
  • Make hidden services check for failed intro point connections, even when they have exceeded their intro point creation limit. Fixes bug 21596; bugfix on 0.2.7.2-alpha. Reported by Alec Muffett.
  • Make hidden services with 8 to 10 introduction points check for failed circuits immediately after startup. Previously, they would wait for 5 minutes before performing their first checks. Fixes bug 21594; bugfix on 0.2.3.9-alpha. Reported by Alec Muffett.
  • Stop ignoring misconfigured hidden services. Instead, refuse to start tor until the misconfigurations have been corrected. Fixes bug 20559; bugfix on multiple commits in 0.2.7.1-alpha and earlier.
• Minor bugfixes (IPv6):
  • Make IPv6-using clients try harder to find an IPv6 directory server. Fixes bug 20999; bugfix on 0.2.8.2-alpha.
  • When IPv6 addresses have not been downloaded yet (microdesc consensus documents don't list relay IPv6 addresses), use hard- coded addresses for authorities, fallbacks, and configured bridges. Now IPv6-only clients can use microdescriptors. Fixes bug 20996; bugfix on b167e82 from 19608 in 0.2.8.5-alpha.
• Minor bugfixes (memory leak at exit):
  • Fix a small harmless memory leak at exit of the previously unused RSA->Ed identity cross-certificate. Fixes bug 17779; bugfix on 0.2.7.2-alpha.
• Minor bugfixes (onion services):
  • Allow the number of introduction points to be as low as 0, rather than as low as 3. Fixes bug 21033; bugfix on 0.2.7.2-alpha.
• Minor bugfixes (portability):
  • Use "OpenBSD" compiler macro instead of "OPENBSD" or "__OpenBSD__". It is supported by OpenBSD itself, and also by most OpenBSD variants (such as Bitrig). Fixes bug 20980; bugfix on 0.1.2.1-alpha.
• Minor bugfixes (portability, also in 0.2.9.9):
  • Avoid crashing when Tor is built using headers that contain CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix on 0.2.9.1-alpha.
  • Fix Libevent detection on platforms without Libevent 1 headers installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha.
• Minor bugfixes (relay):
  • Avoid a double-marked-circuit warning that could happen when we receive DESTROY cells under heavy load. Fixes bug 20059; bugfix on 0.1.0.1-rc.
  • Honor DataDirectoryGroupReadable when tor is a relay. Previously, initializing the keys would reset the DataDirectory to 0700 instead of 0750 even if DataDirectoryGroupReadable was set to 1. Fixes bug 19953; bugfix on 0.0.2pre16. Patch by "redfish".
• Minor bugfixes (testing):
  • Fix Raspbian build issues related to missing socket errno in test_util.c. Fixes bug 21116; bugfix on 0.2.8.2. Patch by "hein".
  • Remove undefined behavior from the backtrace generator by removing its signal handler. Fixes bug 21026; bugfix on 0.2.5.2-alpha.
  • Use bash in src/test/test-network.sh. This ensures we reliably call chutney's newer tools/test-network.sh when available. Fixes bug 21562; bugfix on 0.2.9.1-alpha.
• Minor bugfixes (tor-resolve):
  • The tor-resolve command line tool now rejects hostnames over 255 characters in length. Previously, it would silently truncate them, which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5. Patch by "junglefowl".
• Minor bugfixes (unit tests):
  • Allow the unit tests to pass even when DNS lookups of bogus addresses do not fail as expected. Fixes bug 20862 and 20863; bugfix on unit tests introduced in 0.2.8.1-alpha through 0.2.9.4-alpha.
• Minor bugfixes (util):
  • When finishing writing a file to disk, if we were about to replace the file with the temporary file created before and we fail to replace it, remove the temporary file so it doesn't stay on disk. Fixes bug 20646; bugfix on 0.2.0.7-alpha. Patch by fk.
• Minor bugfixes (Windows services):
  • Be sure to initialize the monotonic time subsystem before using it, even when running as an NT service. Fixes bug 21356; bugfix on 0.2.9.1-alpha.
• Minor bugfixes (Windows):
  • Check for getpagesize before using it to mmap files. This fixes compilation in some MinGW environments. Fixes bug 20530; bugfix on 0.1.2.1-alpha. Reported by "ice".
• Code simplification and refactoring:
  • Abolish all global guard context in entrynodes.c; replace with new guard_selection_t structure as preparation for proposal 271. Closes ticket 19858.
  • Extract magic numbers in circuituse.c into defined variables.
  • Introduce rend_service_is_ephemeral() that tells if given onion service is ephemeral. Replace unclear NULL-checkings for service directory with this function. Closes ticket 20526.
  • Refactor circuit_is_available_for_use to remove unnecessary check.
  • Refactor circuit_predict_and_launch_new for readability and testability. Closes ticket 18873.
  • Refactor code to manipulate global_origin_circuit_list into separate functions. Closes ticket 20921.
  • Refactor large if statement in purpose_needs_anonymity to use switch statement instead. Closes part of ticket 20077.
  • Refactor the hashing API to return negative values for errors, as is done as throughout the codebase. Closes ticket 20717.
  • Remove data structures that were used to index or_connection objects by their RSA identity digests. These structures are fully redundant with the similar structures used in the channel abstraction.
  • Remove duplicate code in the channel_write_*cell() functions. Closes ticket 13827; patch from Pingl.
  • Remove redundant behavior of is_sensitive_dir_purpose, refactor to use only purpose_needs_anonymity. Closes part of ticket 20077.
  • The code to generate and parse EXTEND and EXTEND2 cells has been replaced with code automatically generated by the "trunnel" utility.
• Documentation (formatting):
  • Clean up formatting of tor.1 man page and HTML doc, where <pre> blocks were incorrectly appearing. Closes ticket 20885.
• Documentation (man page):
  • Clarify many options in tor.1 and add some min/max values for HiddenService options. Closes ticket 21058.
• Documentation:
  • Change '1' to 'weight_scale' in consensus bw weights calculation comments, as that is reality. Closes ticket 20273. Patch from pastly.
  • Clarify that when ClientRejectInternalAddresses is enabled (which is the default), multicast DNS hostnames for machines on the local network (of the form *.local) are also rejected. Closes ticket 17070.
  • Correct the value for AuthDirGuardBWGuarantee in the manpage, from 250 KBytes to 2 MBytes. Fixes bug 20435; bugfix on 0.2.5.6-alpha.
  • Include the "TBits" unit in Tor's man page. Fixes part of bug 20622; bugfix on 0.2.5.1-alpha.
  • Small fixes to the fuzzing documentation. Closes ticket 21472.
  • Stop the man page from incorrectly stating that HiddenServiceDir must already exist. Fixes 20486.
  • Update the description of the directory server options in the manual page, to clarify that a relay no longer needs to set DirPort in order to be a directory cache. Closes ticket 21720.
• Removed features:
  • The AuthDirMaxServersPerAuthAddr option no longer exists: The same limit for relays running on a single IP applies to authority IP addresses as well as to non-authority IP addresses. Closes ticket 20960.
  • The UseDirectoryGuards torrc option no longer exists: all users that use entry guards will also use directory guards. Related to proposal 271; implements part of ticket 20831.
• Testing:
  • Add tests for networkstatus_compute_bw_weights_v10.
  • Add unit tests circuit_predict_and_launch_new.
  • Extract dummy_origin_circuit_new so it can be used by other test functions.
  • New unit tests for tor_htonll(). Closes ticket 19563. Patch from "overcaffeinated".
  • Perform the coding style checks when running the tests and fail when coding style violations are found. Closes ticket 5500.

来自https://blog.torproject.org/blog/tor-0306-released-new-series-stable

Tor 0.3.0.6是Tor 0.3.0系列的第一个稳定版本。

使用0.3.0系列，客户端和继电器现在使用Ed25519键验证其与继电器的链接连接，而不是以前使用的旧RSA1024密钥。 （电路密码自从0.2.4.8-alpha以来一直是Curve25519认证的）。我们还替代了保护选择和替换算法，在存在不可靠的网络的情况下更强大地运行，并且抵抗了防护捕获攻击。

该系列还包括许多其他小功能和错误修复，以及即将到来的隐藏服务改造的更多基础。

根据我们的稳定发布政策，我们计划至少在未来九个月内支持Tor 0.3.0版本系列，或者在0.3.1系列首次稳定发布后三个月内以较长者为准。如果您需要长期支持的版本，我们建议您使用0.2.9系列。

如果您从源头构建Tor，您可以在网站上的通常位置找到它。软件包应在接下来的几周内准备好，Tor浏览器版可能在5月下旬或6月上旬。

以下是0.2.9.10以来的变化。有关仅0.3.0.5-rc之后的更改的列表，请参阅ChangeLog文件。

版本0.3.0.6 - 2017-04-26中的更改
主要功能（目录权限，安全性）：
AuthDirPinKeys的默认值现在为1：目录管理机构将拒绝RSA身份密钥与以前看到的值相匹配的继电器，但Ed25519密钥已更改。关闭票18319。
主要功能（保护选择算法）：
Tor的保卫选择算法已经从头开始重新设计，更好地支持不可靠的网络和限制性的入口节点，并更好地抵御敌对局部网络的防护捕获攻击。执行建议271;关闭票19877。
 

主要功能（下一代隐藏服务）：
继电器现在可以处理由prop224“下一代隐藏服务”指定的v3 ESTABLISH_INTRO单元格。服务和客户端还没有使用此功能。关闭票19043.根据Alec Heifetz的初始代码。
继电器现在支持HSDir版本3协议，以便它们可以存储和服务v3描述符。这是提案224中提到的下一代洋葱服务工作的一部分。关闭票17238。
主要功能（协议，ed25519身份密钥）：
客户现在支持在它们生成的EXTEND2单元中包含Ed25519身份密钥。默认情况下，它由一个共识参数控制，目前已禁用。您可以通过在配置中设置ExtendByEd25519ID来打开此功能进行测试。但是，这可能会使您的流量与其他用户生成的流量不同。执行部分票15056;提案220的一部分。
继电器现在可以通过Ed25519身份密钥了解对其他继电器的要求。当一个Ed25519身份密钥包含在EXTEND2单元中时，如果另一个继电器可以证明该身份的所有权，继电器将仅扩展电路。执行部分票15056;提案220的一部分。
继电器现在使用Ed25519来证明他们的Ed25519身份，并相互证明，并向客户证明。该算法比基于RSA的握手更快，更安全。实施提案220的第二大部分;关闭票15055。

主要功能（安全）：
更改用于在客户端和服务器端确定DNS TTL的算法，以更好地抵御基于DNS的关联攻击，如Greschbach，Pulls，Roberts，Winter和Feamster的DefecTor攻击。现在中继只返回两种可能的DNS TTL值之一，客户端愿意相信DNS TTL值长达3小时。关闭票19769。
主要错误修复（客户端，洋葱服务，也在0.2.9.9）：
修复了一个客户端洋葱服务可达性错误，多个袜子要求洋葱服务（或一个缓慢的请求）可能会导致我们错误地将某些服务的介绍点标记为失败，并且我们缓存该失败，最终我们用完了并且无法到达服务。还解决了一个神秘的“远程服务器发送虚假原因代码65021”的日志警告。该故障是在171818号机票中引入的，我们试图将电路结束的原因记录为uint16_t，从而损坏了负值。部分修复错误21056和修复错误20307; 0.2.8.1-alpha上的修补程序。
主要错误修复（崩溃，目录连接）：
在链接目录连接已关闭的电路上发送一个开始单元格时，修复罕见的崩溃。修复错误21576; 0.2.9.3-alpha上的修补程序。由亚历克·马塞特报道。
主要bug修复（目录权限）：
在表决过程中，当将继电器标记为可能的sybil时，不要清除其BadExit标志：sybils在其他方面仍然可能不好。 （我们还清除其他标志。）修复错误21108; 0.2.0.13-alpha上的修补程序。
主要错误修复（DNS）：
修复阻止退出节点缓存DNS记录超过60秒的错误。修复bug 19025;在0.2.4.7-alpha上的修补程序。
主要错误修复（IPv6退出）：
停止拒绝所有IPv6流量的退出策略拒绝任何IPv6地址的退出。相反，如果退出策略拒绝超过IPv6 / 16地址的端口，则仅拒绝IPv6端口。这个错误在0.228.1-alpha的17027年变得更糟了，默认情况下拒绝了继电器自己的IPv6地址。修复错误21357;在0.2.4.7-alpha中提交004f3f4e53的bugfix。
主要错误修正（解析）：
在比较畸形Tor版本时修复整数下溢错误。这个错误可能会在使用 - 昂贵硬化的情况下崩溃，或者在Tor 0.2.9.8的Tor 0.2.9.1-alpha上，默认情况下使用-ftrapv构建。在其他情况下，它是无害的。 TROVE-2017-001的一部分。修复错误21278; bug修复0.0.8pre1。由OSS-Fuzz找到。
从HTTP消息解析格式不正确的内容长度字段时，请勿读取缓冲区的末尾。这个错误是对Tor客户端和中继器的潜在的远程拒绝服务攻击。解决方法于2016年10月发布，以防止此错误崩溃Tor。这是一个基础问题的修复，这不应再重要（如果您应用了早期的补丁）。修复错误20894; 0.2.0.16-alpha上的修补程序。通过使用AFL（http://lcamt​​uf.coredump.cx/afl/）进行模糊处理发现错误。
主要错误修复（调度程序）：
实际上比较ewma_cmp_cmux（）中的电路策略。这个错误导致信道调度器的行为或多或少随机，而不是喜欢具有较高优先级电路的信道。修复错误20459; 0.2.6.2-alpha上的修补程序。
主要错误修复（安全性，也在0.2.9.9）：
将“-ftrapv”选项从“始终开启”降级为“仅在提供昂贵硬化的情况下才能”。这种硬化选项，像其他人一样，可以将生存的错误变成崩溃 - 默认情况下，它将一个（相对无害的）整数溢出错误转化为拒绝服务的错误。修复错误21278（TROVE-2017-001）; 0.2.9.1-alpha上的修补程序。
次要功能（客户端）：
默认情况下，在SocksPort上启用IPv6流量。要禁用此功能，用户将必须指定“NoIPv6Traffic”。关闭票21269。

次要功能（后备脚本）：
将check_existing模式添加到updateFallbackDirs.py，它检查硬编码列表中的后备是否正常。关闭票20174.补丁由haxxpop。
次要功能（协议版本控制）：
为建议224添加新协议版本。HSIntro现在发布版本“3-4”和HSDir版本“1-2”。修复票20656。
次要功能（密码选择）：
允许继电器接受更广泛的密码，包括chacha20-poly1305和AES-CCM。关闭15426的另一部分。
客户端现在发布一个更接近Firefox的首选密码的列表。关闭零售票15426。
次要功能（控制器）：
添加“GETINFO sr / current”和“GETINFO sr / previous”键，将共享随机值公开给控制器。关闭票19925。
当HSFETCH参数无法解析时，请说“无效参数”，而不是“无法识别”。关门票20389;补丁来自Ivan Markin。
次要功能（控制器，配置）：
每个*端口选项，如SocksPort，ORPort，ControlPort等，现在都附带一个__ *端口变体，不会被控制器的SAVECONF命令保存到torrc文件。此更改允许TorBrowser在每次启动Tor时设置一次性使用的域套接字。关门票20956。
GETCONF命令现在可以查询可能只在上下文相关列表中有意义的选项。这允许控制器查询功能20956中引入的混合SocksPort / __ SocksPort风格选项。实现票证21300。
次要功能（诊断，目录客户端）：
当目录下载状态对象发现意外的不一致时，警告。防止错误20593的一些负面后果。
次要功能（目录权限）：
目录管理机构现在拒绝称为Tor格式错误的描述符。有助于防止利用错误21278。
拒绝使用超过INT32_MAX的组件的版本号。否则，32位和64位平台的行为会不一致。修复错误21450; bug修复0.0.8pre1。
次要功能（目录权限）：
添加一个新的仅授权的AuthDirTestEd25519LinkKeys选项（默认情况下打开），以控制当局是否应该尝试通过其Ed25519链接键来探测中继。这个选项将在几个版本中消失，除非我们在ed25519链接协议推出中遇到重大麻烦，在这种情况下，它将作为一个安全选项。
次要功能（目录缓存）：
如果继续人员和桥梁知道客户使用太旧，现在将拒绝服务他们所达成的协商一致意见。关门票20511。
次要功能（ed25519链接握手）：
使用子协议版本机制广告支持ed25519链接握手，以便客户端可以知道哪些中继可以通过Ed25519 ID进行身份识别。关门票20552。
次要功能（入门防护）：
将UseEntryGuards添加到TEST_OPTIONS_DEFAULT_VALUES以便不会中断回归测试。
当UseBridge设置时，需要UseEntryGuards，以确保不绕过网桥。解决票20502。
次要功能（后备目录）：
每个操作员允许3个后备继电器，这是安全的，现在我们选择了200个后备继电器。关门票20912。
注释updateFallbackDirs.py具有每个候选回退的带宽和共享权重。关门票20878。
当从后备书下载共同体时，显示继电器指纹。关门票20908。
从后备列表中排除受错误20499影响的继电器。如果运行已知受到错误20499影响的版本，或者在我们的测试中，它们会传递陈旧的共识（即超过24小时之前的过期），则从后备列表中排除继电器。关门票20539。
使更容易更改后备的输出排序顺序。关门票20822。
将最小回退带宽降低到1 MByte / s。部分票18828。
要求备份目录具有相同的地址和端口7天（现在我们有足够的继电器与这种稳定性）。 OnionOO稳定定时器在重新启动时由错误18050重置的继电器应升级到Tor 0.2.8.7或更高版本，这对此问题有一个修复。关门票20880;短期维持在0.2.8.2-alpha。
需要回退90％的时间（加权衰减平均值），而不是95％的标志。这允许至少73％的客户端在前5秒内引导，而无需联系权限。部分票18828。
为每个版本选择200个后备目录。关门票20881。

次要功能（指纹电阻，认证）：
将用于TLS链路认证的RSA密钥的长度扩展到2048位。 （这些不用于前瞻性保密;为了保密，我们使用P256）关闭票13752。
次要功能（geoip）：
将geoip和geoip6更新为2017年4月4日Maxmind GeoLite2国家数据库。
次要特征（geoip，也在0.2.9.9）：
将geoip和geoip6更新为2017年1月4日Maxmind GeoLite2国家数据库。
次要功能（基础设施）：
实现smartlist_add_strdup（）函数。替换smartlist_add（sl，tor_strdup（str））的使用。关闭票20048。
次要功能（linting）：
在“Tor-”前缀的Tor版本上增强了更改文件linter的警告。关门票21096。
次要功能（记录）：
在几个地方，将ed25519键设置为“<unset>”，而不是可怕的“AAAAAAAA ... AAA”。关门票21037。
次要功能（可移植性，编译）：
Autoconf现在检查以确定OpenSSL结构是否是不透明的，而不是显式检查OpenSSL版本号。部分票21359。
支持建筑与最近使用不透明结构的LibreSSL代码。关闭票21359。
次要功能（继电器）：
我们现在允许分别使用OutboundBindAddressExit和OutboundBindAddressOR选项将出口和中继流量分离到不同的源IP地址。关闭票17975.由Michael Sonntag撰写。
次要功能（可靠性，崩溃）：
尝试更好地检测缓冲区中可能会增长（或认为它们已经增长）的大小超过2 GB的问题。诊断错误21369。
次要功能（测试）：
在'make test-network-all'期间，如果tor记录任何警告，请询问chutney输出它们。需要一个最新版本的chutney与21572补丁。实施21570。
次要错误修复（控制协议）：
现在通过控制协议对“GETINFO config / names”请求的回复正确地表示“依赖”类型。这是控制协议中的突破性变化。 （该字段似乎被最常见的已知控制器忽略。）修复错误18146; 0.1.1.4-alpha上的bugfix。
由于在重构该API时引入了错误的base16解码返回值检查，GETINFO extra-info / digest / <digest>命令已损坏。修复错误22034; 0.2.9.1-alpha上的修补程序。
次要bugfix（日志记录）：
不建议在非匿名模式下使用Tor2web。推荐Tor2web是一个坏主意，因为客户端失去了所有的匿名。 Tor2web只能在具体情况下使用*知道*并了解问题的用户。修复错误21294; 0.2.9.3-alpha上的修补程序。
小错误修复（bug弹性）：
修复base64_decode（）中不可达到的size_t溢出。修复bug 19222; 0.2.0.9-alpha上的修补程序。由Guido Vranken发现由Hans Jerry Illikainen修复。
小修复（构建）：
用现代的等效替换过时的Autoconf宏，并防止将来出现类似的问题。修复bug 20990; bug修复0.1.0.1-rc。
次要错误修复（证书过期时间）：
避免使用将来无效的链接证书。修复错误21420; 0.2.4.11-alpha上的修补程序
次要错误修复（客户端）：
始终从extend_info_from_node（）中的故障中恢复，以防止错误21242的任何重复。修复错误21372; 0.2.3.1-alpha上的修补程序。
当使用桥梁的客户端在磁盘上启动缓存的共识时，它们忽略它并下载一个新的。现在他们使用缓存的。修复错误20269; 0.2.3.12-alpha上的修补程序。
次要错误修正（代码正确性）：
修复导致错误21278的危险的比较减法模式的几个（不可达到或无害）的情况。
小错误（config）：
尝试获取选项列表并且LearnCircuitBuildTimeout设置为0时，不要在启动时断言：我们当前正在解析选项，所以当然还没有准备好。修复错误21062; 0.2.9.3-alpha上的修补程序。
次要错误修复（配置）：
在“日志”选项中的严重性级别后接受非空格的空白字符。修复错误19965; 0.2.1.1-alpha上的修补程序。
支持“TByte”和“TBytes”单位，以字节为单位。已经支持“TB”，“TB”，“TBit”和“terabit”。修复错误20622; 0.2.0.14-alpha上的修补程序。
次要错误修复（configure，autoconf）：
将配置选项重命名为昂贵的硬化到易于脆弱的硬化。昂贵的硬化使得在检测到某些类型的问题时，tor守护进程中止。因此，它会导致更多的远程崩溃的风险，但对RCE或令人失望的bug类别更安全。我们现在尝试从configure脚本的消息中解释此问题。修复错误21290; 0.2.5.4-alpha上的bugfix。

次要错误（共识重量）：
添加新的共识方法，将bw权重初始化为1而不是0.这样可以防止零权重一直到最后（在小型测试网络中发生）并导致错误。修复bug 14881; 0.2.2.17-alpha上的修补程序。
小故障修复（防碰撞）：
修复一个（当前不可修复但可能是危险的）崩溃错误，当base32编码输入的大小不是5的倍数。修复错误21894; 0.2.9.1-alpha上的修补程序。
小错误修复（死码）：
在options_transition_allowed（）中删除运行时PidFile更改的冗余检查：此检查已执行，无论沙箱是否处于活动状态。修复错误21123; 0.2.5.4-alpha上的bugfix。
次要错误修正（描述符）：
正确识别下载的完整描述符为有效，即使使用微型描述符作为电路。这会影响到FetchUselessDescriptors设置的客户端，并可能影响目录管理。修复错误20839;在0.2.3.2-alpha上的修补程序。
次要错误修复（目录镜像）：
允许中继使用不带DirPort的目录镜像：这些中继需要使用begindir连接通过其ORPorts进行联系。修复了一例错误20711; 0.2.8.2-alpha上的修补程序。
当远程中继意外地缺少ORPort或DirPort时，请澄清记录的消息：用户将此与本地端口混淆。修复另一个bug 20711的情况; 0.2.8.2-alpha上的修补程序。
次要错误修复（目录系统）：
桥接器和继电器现在使用微型脚本（如客户端）而不是旧式路由器描述符。现在，桥梁将与客户融合，建立起电路。修复错误6769;在0.2.3.2-alpha上的修补程序。
当FetchUselessDescriptors设置时，下载所有共同的口味，描述符和权限证书，无论tor是否是目录缓存。修复错误20667;所有最新版本的bug修复。
小修复（文档）：
更新tor手册页面以记录tor运行时无法更改的每个选项。修复错误21122。
次要错误修正（ed25519证书）：
正确解释ed25519证书，将在2038年1月19日以后过期。修正错误20027; 0.2.7.2-alpha上的修补程序。
次要错误修复（后备目录）：
如果它们在OnionOO中关闭，请避免检查后备候选人的DirPorts。当继电器操作员有多个继电器时，这将优先处理继电器的继电器。修复bug 20926; 0.2.8.3-alpha上的修补程序。
在updateFallbackDirs.py中OUTPUT_COMMENTS为True时，停止失败。修复bug 20877; 0.2.8.3-alpha上的修补程序。
继电器在updateFallbackDirs.py中没有正常运行时间数据时，停止失败。修复bug 20945; 0.2.8.1-alpha上的修补程序。

小修复（隐藏服务）：
清理没有关联电路到期的介绍点的代码。很少有一个服务有一些到期的介绍点，没有开放足够的额外的介绍点。修复了错误21302的一部分; 0.2.7.2-alpha上的修补程序。
解决两个可能的下溢，这可能导致在不间断循环中创建和关闭大量引入点电路。修复错误21302; 0.2.7.2-alpha上的修补程序。
停止将torrc选项HiddenServiceStatistics设置为“0”，因为我们不是桥接器或继电器。相反，我们保留用户设置（或未设置）的任何值。修复错误21150; 0.2.6.2-alpha上的修补程序。
次要错误修复（隐藏服务）：
使隐藏的服务检查失败的简介点连接，即使他们已经超过了介绍点创建限制。修复错误21596; 0.2.7.2-alpha上的修补程序。由亚历克·马塞特报道。
使用8到10个引入点隐藏服务，启动后立即检查故障电路。以前，他们会等待5分钟才能进行第一次检查。修复错误21594; 0.2.3.9-alpha上的修补程序。由亚历克·马塞特报道。
停止忽略配置错误的隐藏服务。相反，拒绝启动，直到错误配置被更正。修复错误20559;在0.2.7.1-alpha和更早版本中的多个提交的修补程序。
次要错误修复（IPv6）：
使IPv6使用客户端尝试更难找到IPv6目录服务器。修复bug 20999; 0.2.8.2-alpha上的修补程序。
当IPv6地址尚未下载（Microdesc一致文件不列出中继IPv6地址）时，请使用硬编码地址进行权限，备用和配置桥接。现在只有IPv6的客户端可以使用微型描述符。修复bug 20996;来自1960年的b167e82的修补程序为0.2.8.5-alpha。
次要错误修复（出口时出现内存泄漏）：
在以前未使用的RSA> Ed身份交叉证书的出口处修复一个小的无害的内存泄漏。修复错误17779; 0.2.7.2-alpha上的修补程序。
次要的错误修复（洋葱服务）：
允许引入点的数量低至0，而不是3。修复错误21033; 0.2.7.2-alpha上的修补程序。

次要错误修复（可移植性）：
使用“OpenBSD”编译器宏而不是“OPENBSD”或“__OpenBSD__”。它由OpenBSD本身以及大多数OpenBSD变体（如Bitrig）支持。修复bug 20980; 0.1.2.1-alpha上的修补程序。
次要错误修复（可移植性，也在0.2.9.9）：
当使用包含CLOCK_MONOTONIC_COARSE的头构建Tor时，避免崩溃，但是尝试在没有CLOCK_MONOTONIC_COARSE的旧内核上运行。修复错误21035; 0.2.9.1-alpha上的修补程序。
在没有安装Libevent 1标头的平台上修复Libevent检测。修复错误21051; 0.2.9.1-alpha上的修补程序。
次要错误（继电器）：
避免在重负载下收到DESTROY电池时发生双重标记的电路警告。修复bug 20059; bug修复0.1.0.1-rc。
荣誉DataDirectoryGroup当tor是继电器时可读。以前，初始化密钥会将DataDirectory重置为0700而不是0750，即使DataDirectoryGroupReadable设置为1.修复错误19953; bug修复0.0.2pre16。补丁“红鱼”。
次要错误修复（测试）：
修复与test_util.c中缺少的套接字errno相关的Raspbian构建问题。修复错误21116;修补程序在0.2.8.2。补丁由“hein”。
通过删除其信号处理程序从回溯生成器中删除未定义的行为。修复bug 21026; 0.2.5.2-alpha上的修补程序。
在src / test / test-network.sh中使用bash。这确保我们可靠地调用chutney的较新工具/ test-network.sh。修复错误21562; 0.2.9.1-alpha上的修补程序。
次要错误修复（tor-resolve）：
tor-resolve命令行工具现在拒绝长度超过255个字符的主机名。以前，它会默默地截断它们，这可能会导致错误。修复错误21280; bug修复0.0.9pre5。补丁“junglefowl”。
次要错误修复（单元测试）：
允许单元测试通过，即使虚假地址的DNS查找未按预期方式发生故障。修复错误20862和20863;在0.2.8.1-alpha到0.2.9.4-alpha引入的单元测试上的bug修复。
小错误（util）：
当完成将文件写入磁盘时，如果我们要使用之前创建的临时文件替换文件，并且我们无法替换它，请删除临时文件，使其不会停留在磁盘上。修复bug 20646; 0.2.0.7-alpha上的修补程序。由fk补丁

次要错误修复（Windows服务）：
使用它之前，请确保初始化单调时间子系统，即使以NT服务运行。修复错误21356; 0.2.9.1-alpha上的修补程序。
次要错误修复（Windows）：
在使用mmap文件之前检查getpagesize。这会在一些MinGW环境中修复编译。修复错误20530; 0.1.2.1-alpha上的修补程序。 “冰”报道。
代码简化和重构：
取消entrynodes.c中的所有全局保护上下文;替换为新的guard_selection_t结构作为提案的准备271.关闭票19858。
将circuituse.c中的魔术数值提取为定义的变量。
介绍rend_service_is_ephemeral（），告诉洋洋服务是否是短暂的。使用此功能替换服务目录的不清楚的NULL检查。关门票20526。
Refactor circuit_is_available_for_use删除不必要的检查。
Refactor circuit_predict_and_launch_new的可读性和可测试性。关门票18873。
重构代码来将global_origin_circuit_list操作为单独的函数。关门票20921。
refactor大的if语句在intent_needs_anonymity中使用switch语句。关闭票20077的一部分。
重构哈希API以返回错误的负值，就像整个代码库一样。关闭票20717。
删除用于通过其RSA身份摘要对or_connection对象进行索引的数据结构。这些结构与通道抽象中使用的类似结构完全相同。
在channel_write_ * cell（）函数中删除重复的代码。关闭票13827;来自Pingl的补丁。
删除is_sensitive_dir_purpose的冗余行为，重构使用only_needs_anonymity。关闭票20077的一部分。
生成和解析EXTEND和EXTEND2单元格的代码已被“trunnel”实用程序自动生成的代码替换。
文件（格式）：
清理tor.1手册页和HTML文档的格式，其中<pre>块正确显示。关门票20885。
文档（手册页）：
澄清tor.1中的许多选项，并为HiddenService选项添加一些最小/最大值。关闭票21058。
文件：
将'1'改为“weight_scale”，在一致的情况下，权重计算注释，因为这是现实。关门票20273.从过去的补丁。
澄清当启用ClientRejectInternalAddresses（默认为）时，本地网络（形式为* .local）上的机器的多播DNS主机名也被拒绝。关闭票17070。
更正联机帮助页面中AuthDirGuardBWGuarantee的值，从250 KB到2 MB。修复错误20435; 0.2.5.6-alpha上的修补程序。
在Tor的手册页中包含“TBits”单位。修复了bug 20622的一部分; 0.2.5.1-alpha上的修补程序。
对模糊文档的小修复。关闭票21472。
停止手册页不正确地说明HiddenServiceDir必须已经存在。修复20486。
更新手册页面中目录服务器选项的说明，以说明中继不再需要设置DirPort以便成为目录缓存。关闭票21720。
已移除功能：
AuthDirMaxServersPerAuthAddr选项不再存在：在单个IP上运行的中继器的相同限制适用于授权IP地址以及非授权IP地址。关门票20960。
UseDirectoryGuards torrc选项不再存在：所有使用入口守卫的用户也将使用目录保护。与提案271有关;实施票20831的一部分。
测试：
为networkstatus_compute_bw_weights_v10添加测试。
添加单元测试circuit_predict_and_launch_new。
提取dummy_origin_circuit_new，以便其他测试功能使用。
tor_htonll（）的新单元测试。关闭票19563.从“过度咖啡因”补丁。
运行测试时执行编码风格检查，并在找到编码风格违规时失败。关门票5500。

返回列表 网站首页