Softpedia >Mac >Network/Admin >Vidalia >  Changelog

Vidalia Changelog

What's new in Vidalia 0.2.4.20

Jan 20, 2014
  • Don't wait so long before attempting to reload the router list if the ns/all command returned empty. Fixes bug 6483.
  • Stop trying to load router information if torControl is not connected anymore. Fixes bug 6482.
  • Save ControlPortWriteToFile with a relative path instead of an absolute one. Fixes bug 6568.
  • Fix RouterDescriptor's bandwidth and uptime values when defined from the consensus. Fixes bug 6601.

New in Vidalia 0.2.3.12 Alpha (Feb 15, 2012)

  • Major bugfixes:
  • Fix builds when the path to sed, openssl, or sha1sum contains spaces, which is pretty common on Windows. Fixes bug 5065; bugfix on 0.2.2.1-alpha.
  • Set the SO_REUSEADDR socket option before we call bind() on outgoing connections. This change should allow busy exit relays to stop running out of available sockets as quickly. Fixes bug 4950; bugfix on 0.2.2.26-beta.
  • Allow 0.2.3.x clients to use 0.2.2.x bridges. Previously the client would ask the bridge for microdescriptors, which are only supported in 0.2.3.x, and then fail to bootstrap when it didn't get the answers it wanted. Fixes bug 4013; bugfix on 0.2.3.2-alpha.
  • Avoid an assert when managed proxies like obfsproxy are configured, and we receive HUP signals or configuration values too rapidly. This situation happens most commonly when Vidalia tries to attach to Tor or tries to configure the Tor it's attached to. Fixes bug 5084; bugfix on 0.2.3.6-alpha.
  • Properly set up obfsproxy's environment when in managed mode. The Tor Browser Bundle needs LD_LIBRARY_PATH to be passed to obfsproxy, and when you run your Tor as a daemon, there's no HOME. Fixes bugs 5076 and 5082; bugfix on 0.2.3.6-alpha.
  • Minor features:
  • Use the dead_strip option when building Tor on OS X. This reduces binary size by almost 19% when linking openssl and libevent statically, which we do for Tor Browser Bundle.
  • Fix broken URLs in the sample torrc file, and tell readers about the OutboundBindAddress, ExitPolicyRejectPrivate, and PublishServerDescriptor options. Addresses bug 4652.
  • Update to the February 7 2012 Maxmind GeoLite Country database.
  • Minor bugfixes:
  • Downgrade the "We're missing a certificate" message from notice to info: people kept mistaking it for a real problem, whereas it is seldom the problem even when we are failing to bootstrap. Fixes bug 5067; bugfix on 0.2.0.10-alpha.
  • Don't put "TOR_PT_EXTENDED_SERVER_PORT=127.0.0.1:4200" in a managed pluggable transport server proxy's environment. Previously, we would put it there, even though Tor doesn't implement an 'extended server port' yet, and even though Tor almost certainly isn't listening at that address. For now, we set it to an empty string to avoid crashing older obfsproxies. Bugfix on 0.2.3.6-alpha.
  • Log the heartbeat message every HeartbeatPeriod seconds, not every HeartbeatPeriod + 1 seconds. Fixes bug 4942; bugfix on 0.2.3.1-alpha. Bug reported by Scott Bennett.
  • Calculate absolute paths correctly on Windows. Fixes bug 4973; bugfix on 0.2.3.11-alpha.
  • Update "ClientOnly" man page entry to explain that there isn't really any point to messing with it. Resolves ticket 5005.
  • Use the correct CVE number for CVE-2011-4576 in our comments and log messages. Found by "fermenthor". Resolves bug 5066; bugfix on 0.2.3.11-alpha.
  • Code simplifications and refactoring:
  • Use the _WIN32 macro throughout our code to detect Windows. (Previously we had used the obsolete 'WIN32' and the idiosyncratic 'MS_WINDOWS'.)

New in Vidalia 0.2.3.10 Alpha (Dec 17, 2011)

  • Major bugfixes:
  • Fix a heap overflow bug that could occur when trying to pull data into the first chunk of a buffer, when that chunk had already had some data drained from it. Fixes CVE-2011-2778; bugfix on 0.2.0.16-alpha. Reported by "Vektor".
  • Minor bugfixes:
  • If we can't attach streams to a rendezvous circuit when we finish connecting to a hidden service, clear the rendezvous circuit's stream-isolation state and try to attach streams again. Previously, we cleared rendezvous circuits' isolation state either too early (if they were freshly built) or not at all (if they had been built earlier and were cannibalized). Bugfix on 0.2.3.3-alpha; fixes bug 4655.
  • Fix compilation of the libnatpmp helper on non-Windows. Bugfix on 0.2.3.9-alpha; fixes bug 4691. Reported by Anthony G. Basile.
  • Fix an assertion failure when a relay with accounting enabled starts up while dormant. Fixes bug 4702; bugfix on 0.2.3.9-alpha.
  • Minor features:
  • Update to the December 6 2011 Maxmind GeoLite Country database.

New in Vidalia 0.2.2.35 (Dec 17, 2011)

  • Major bugfixes:
  • Fix a heap overflow bug that could occur when trying to pull data into the first chunk of a buffer, when that chunk had already had some data drained from it. Fixes CVE-2011-2778; bugfix on 0.2.0.16-alpha. Reported by "Vektor".
  • Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so that it doesn't attempt to allocate a socketpair. This could cause some problems on Windows systems with overzealous firewalls. Fix for bug 4457; workaround for Libevent versions 2.0.1-alpha through 2.0.15-stable.
  • If we mark an OR connection for close based on a cell we process, don't process any further cells on it. We already avoid further reads on marked-for-close connections, but now we also discard the cells we'd already read. Fixes bug 4299; bugfix on 0.2.0.10-alpha, which was the first version where we might mark a connection for close based on processing a cell on it.
  • Correctly sanity-check that we don't underflow on a memory allocation (and then assert) for hidden service introduction point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410; bugfix on 0.2.1.5-alpha.
  • Fix a memory leak when we check whether a hidden service descriptor has any usable introduction points left. Fixes bug 4424. Bugfix on 0.2.2.25-alpha.
  • Don't crash when we're running as a relay and don't have a GeoIP file. Bugfix on 0.2.2.34; fixes bug 4340. This backports a fix we've had in the 0.2.3.x branch already.
  • When running as a client, do not print a misleading (and plain wrong) log message that we're collecting "directory request" statistics: clients don't collect statistics. Also don't create a useless (because empty) stats file in the stats/ directory. Fixes bug 4353; bugfix on 0.2.2.34.
  • Minor bugfixes:
  • Detect failure to initialize Libevent. This fix provides better detection for future instances of bug 4457.
  • Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers function. This was eating up hideously large amounts of time on some busy servers. Fixes bug 4518; bugfix on 0.0.9.8.
  • Resolve an integer overflow bug in smartlist_ensure_capacity(). Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by Mansour Moufid.
  • Don't warn about unused log_mutex in log.c when building with --disable-threads using a recent GCC. Fixes bug 4437; bugfix on 0.1.0.6-rc which introduced --disable-threads.
  • When configuring, starting, or stopping an NT service, stop immediately after the service configuration attempt has succeeded or failed. Fixes bug 3963; bugfix on 0.2.0.7-alpha.
  • When sending a NETINFO cell, include the original address received for the other side, not its canonical address. Found by "troll_un"; fixes bug 4349; bugfix on 0.2.0.10-alpha.
  • Fix a typo in a hibernation-related log message. Fixes bug 4331; bugfix on 0.2.2.23-alpha; found by "tmpname0901".
  • Fix a memory leak in launch_direct_bridge_descriptor_fetch() that occurred when a client tried to fetch a descriptor for a bridge in ExcludeNodes. Fixes bug 4383; bugfix on 0.2.2.25-alpha.
  • Backport fixes for a pair of compilation warnings on Windows. Fixes bug 4521; bugfix on 0.2.2.28-beta and on 0.2.2.29-beta.
  • If we had ever tried to call tor_addr_to_str on an address of unknown type, we would have done a strdup on an uninitialized buffer. Now we won't. Fixes bug 4529; bugfix on 0.2.1.3-alpha. Reported by "troll_un".
  • Correctly detect and handle transient lookup failures from tor_addr_lookup. Fixes bug 4530; bugfix on 0.2.1.5-alpha. Reported by "troll_un".
  • Fix null-pointer access that could occur if TLS allocation failed. Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un".
  • Use tor_socket_t type for listener argument to accept(). Fixes bug 4535; bugfix on 0.2.2.28-beta. Found by "troll_un".
  • Minor features:
  • Add two new config options for directory authorities: AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold that is always sufficient to satisfy the bandwidth requirement for the Guard flag. Now it will be easier for researchers to simulate Tor networks with different values. Resolves ticket 4484.
  • When Tor ignores a hidden service specified in its configuration, include the hidden service's directory in the warning message. Previously, we would only tell the user that some hidden service was ignored. Bugfix on 0.0.6; fixes bug 4426.
  • Update to the December 6 2011 Maxmind GeoLite Country database.
  • Packaging changes:
  • Make it easier to automate expert package builds on Windows, by removing an absolute path from makensis.exe command.

New in Vidalia 0.2.3.9 Alpha (Dec 16, 2011)

  • Major features:
  • Clients can now connect to private bridges over IPv6. Bridges still need at least one IPv4 address in order to connect to other relays. Note that we don't yet handle the case where the user has two bridge lines for the same bridge (one IPv4, one IPv6). Implements parts of proposal 186.
  • New "DisableNetwork" config option to prevent Tor from launching any connections or accepting any connections except on a control port. Bundles and controllers can set this option before letting Tor talk to the rest of the network, for example to prevent any connections to a non-bridge address. Packages like Orbot can also use this option to instruct Tor to save power when the network is off.
  • Clients and bridges can now be configured to use a separate "transport" proxy. This approach makes the censorship arms race easier by allowing bridges to use protocol obfuscation plugins. It implements the "managed proxy" part of proposal 180 (ticket 3472).
  • When using OpenSSL 1.0.0 or later, use OpenSSL's counter mode implementation. It makes AES_CTR about 7% faster than our old one (which was about 10% faster than the one OpenSSL used to provide). Resolves ticket 4526.
  • Add a "tor2web mode" for clients that want to connect to hidden services non-anonymously (and possibly more quickly). As a safety measure to try to keep users from turning this on without knowing what they are doing, tor2web mode must be explicitly enabled at compile time, and a copy of Tor compiled to run in tor2web mode cannot be used as a normal Tor client. Implements feature 2553.
  • Add experimental support for running on Windows with IOCP and no kernel-space socket buffers. This feature is controlled by a new "UserspaceIOCPBuffers" config option (off by default), which has no effect unless Tor has been built with support for bufferevents, is running on Windows, and has enabled IOCP. This may, in the long run, help solve or mitigate bug 98.
  • Use a more secure consensus parameter voting algorithm. Now at least three directory authorities or a majority of them must vote on a given parameter before it will be included in the consensus. Implements proposal 178.
  • Major bugfixes:
  • Hidden services now ignore the timestamps on INTRODUCE2 cells. They used to check that the timestamp was within 30 minutes of their system clock, so they could cap the size of their replay-detection cache, but that approach unnecessarily refused service to clients with wrong clocks. Bugfix on 0.2.1.6-alpha, when the v3 intro-point protocol (the first one which sent a timestamp field in the INTRODUCE2 cell) was introduced; fixes bug 3460.
  • Only use the EVP interface when AES acceleration is enabled, to avoid a 5-7% performance regression. Resolves issue 4525; bugfix on 0.2.3.8-alpha.
  • Privacy/anonymity features (bridge detection):
  • Make bridge SSL certificates a bit more stealthy by using random serial numbers, in the same fashion as OpenSSL when generating self-signed certificates. Implements ticket 4584.
  • Introduce a new config option "DynamicDHGroups", enabled by default, which provides each bridge with a unique prime DH modulus to be used during SSL handshakes. This option attempts to help against censors who might use the Apache DH modulus as a static identifier for bridges. Addresses ticket 4548.
  • Minor features (new/different config options):
  • New configuration option "DisableDebuggerAttachment" (on by default) to prevent basic debugging attachment attempts by other processes. Supports Mac OS X and Gnu/Linux. Resolves ticket 3313.
  • Allow MapAddress directives to specify matches against super-domains, as in "MapAddress *.torproject.orgĀ *.torproject.org.torserver.exit". Implements issue 933.
  • Slightly change behavior of "list" options (that is, config options that can appear more than once) when they appear both in torrc and on the command line. Previously, the command-line options would be appended to the ones from torrc. Now, the command-line options override the torrc options entirely. This new behavior allows the user to override list options (like exit policies and ports to listen on) from the command line, rather than simply appending to the list.
  • You can get the old (appending) command-line behavior for "list" options by prefixing the option name with a "+".
  • You can remove all the values for a "list" option from the command line without adding any new ones by prefixing the option name with a "/".
  • Add experimental support for a "defaults" torrc file to be parsed before the regular torrc. Torrc options override the defaults file's options in the same way that the command line overrides the torrc.
  • The SAVECONF controller command saves only those options which differ between the current configuration and the defaults file. HUP reloads both files. (Note: This is an experimental feature; its behavior will probably be refined in future 0.2.3.x-alpha versions to better meet packagers' needs.)
  • Minor features:
  • Try to make the introductory warning message that Tor prints on startup more useful for actually finding help and information. Resolves ticket 2474.
  • Running "make version" now displays the version of Tor that we're about to build. Idea from katmagic; resolves issue 4400.
  • Expire old or over-used hidden service introduction points. Required by fix for bug 3460.
  • Move the replay-detection cache for the RSA-encrypted parts of INTRODUCE2 cells to the introduction point data structures. Previously, we would use one replay-detection cache per hidden service. Required by fix for bug 3460.
  • Reduce the lifetime of elements of hidden services' Diffie-Hellman public key replay-detection cache from 60 minutes to 5 minutes. This replay-detection cache is now used only to detect multiple INTRODUCE2 cells specifying the same rendezvous point, so we can avoid launching multiple simultaneous attempts to connect to it.
  • Minor bugfixes (on Tor 0.2.2.x and earlier):
  • Resolve an integer overflow bug in smartlist_ensure_capacity(). Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by Mansour Moufid.
  • Fix a minor formatting issue in one of tor-gencert's error messages. Fixes bug 4574.
  • Prevent a false positive from the check-spaces script, by disabling the "whitespace between function name and (" check for functions named 'op()'.
  • Fix a log message suggesting that people contact a non-existent email address. Fixes bug 3448.
  • Fix null-pointer access that could occur if TLS allocation failed. Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un".
  • Report a real bootstrap problem to the controller on router identity mismatch. Previously we just said "foo", which probably made a lot of sense at the time. Fixes bug 4169; bugfix on 0.2.1.1-alpha.
  • If we had ever tried to call tor_addr_to_str() on an address of unknown type, we would have done a strdup() on an uninitialized buffer. Now we won't. Fixes bug 4529; bugfix on 0.2.1.3-alpha. Reported by "troll_un".
  • Correctly detect and handle transient lookup failures from tor_addr_lookup(). Fixes bug 4530; bugfix on 0.2.1.5-alpha. Reported by "troll_un".
  • Use tor_socket_t type for listener argument to accept(). Fixes bug 4535; bugfix on 0.2.2.28-beta. Found by "troll_un".
  • Initialize conn->addr to a valid state in spawn_cpuworker(). Fixes bug 4532; found by "troll_un".
  • Minor bugfixes (on Tor 0.2.3.x):
  • Fix a compile warning in tor_inet_pton(). Bugfix on 0.2.3.8-alpha; fixes bug 4554.
  • Don't send two ESTABLISH_RENDEZVOUS cells when opening a new circuit for use as a hidden service client's rendezvous point. Fixes bugs 4641 and 4171; bugfix on 0.2.3.3-alpha. Diagnosed with help from wanoskarnet.
  • Restore behavior of overriding SocksPort, ORPort, and similar options from the command line. Bugfix on 0.2.3.3-alpha.
  • Build fixes:
  • Properly handle the case where the build-tree is not the same as the source tree when generating src/common/common_sha1.i, src/or/micro-revision.i, and src/or/or_sha1.i. Fixes bug 3953; bugfix on 0.2.0.1-alpha.
  • Code simplifications, cleanups, and refactorings:
  • Remove the pure attribute from all functions that used it previously. In many cases we assigned it incorrectly, because the functions might assert or call impure functions, and we don't have evidence that keeping the pure attribute is worthwhile. Implements changes suggested in ticket 4421.
  • Remove some dead code spotted by coverity. Fixes cid 432. Bugfix on 0.2.3.1-alpha, closes bug 4637.

New in Vidalia 0.2.10 (Oct 4, 2010)

  • Drop remote GeoIP lookups. Instead, the default behavior now is to use the country-level GeoIP database that ships with Tor to map an IP address to a country code, and then map the country code to latitude and longitude with a separate database built into Vidalia.
  • Add a -DUSE_GEOIP build option to enable building with MaxMind?'s GeoIP C library for using a local city-level or country-level database instead of Tor's database. See README.geoip for details on use.
  • Only update a stream's displayed target address in the network map if no hostname was given in the stream's NEW status event. Fix suggested by Robert Hogan. (Ticket #608)
  • Update the menubar icon at the same time as the dock icon on OS X. Previously, we had a blank icon in the menubar. (Ticket #610)
  • Updated several translations.

New in Vidalia 0.2.7 (Mar 1, 2010)

  • Remove the explicit palette set for the configuration dialog that prevented the dialog from inheriting colors from the user's current system theme. (Ticket #485. Patch from mkirk.)
  • Correct the path to the badge pixmap used in time skew warning messages. (Ticket #537. Patch from mkirk.)
  • Fix compilation on Debian GNU/kFreeBSD. Patch from dererk.
  • Clean up a couple status event messages related to dangerous port warnings.
  • Change the vidalia_ru.nsh output encoding from KOI8-R to Windows-1251. (Ticket #527)
  • Add an option for building an OS X 10.4 compatible binary.

New in Vidalia 0.1.15 (Sep 4, 2009)

  • Bump the minimum required Qt version to 4.3.0.
  • Remove USE_QSSLSOCKET as a build option. If your Qt doesn't support OpenSSL, then you don't get GeoIP lookups.
  • Fix the TorPostFlight portion of the OS X bundle installer so it doesn't fail when installing Torbutton.

New in Vidalia 0.1.10 (Dec 3, 2008)

  • Add a prettier dialog for prompting people for their control port password that also includes a checkbox for whether the user wants Vidalia to remember the entered password, a Help button, and a Reset button.
  • Fix a crash bug that occurred when the user clicks 'Clear' in the message log toolbar followed by 'Save All'.
  • Uncheck the Torbutton options by default in the Windows bundle installer if Firefox is not installed.
  • Add an Windows bundle installer page that warns the user that they should install Firefox, if it looks like they haven't already done so.

New in Vidalia 0.1.2 (Apr 22, 2008)

  • Correctly load the CA certificate used to verify SSL connections to the GeoIP server. This caused Vidalia >= 0.1.0 clients built against Qt >= 4.3.2 to be unable to retrieve updated GeoIP information. (Ticket #349)
  • Fix compilation when UINT_MAX is not defined. (Ticket #350)
  • Bridges are no longer required to have a DirPort set as of Tor 0.2.0.13-alpha, so stop forcing it on for bridges. At some point, we'll likely start forcing DirPort to be disabled for bridges, and on by default but optional for normal relays. (Ticket #337)
  • Fix a typo in VidaliaMacros.cmake that would allow configuration to continue even if windres.exe couldn't be found.
  • Update the version of Torbutton included in the OS X bundle to 1.1.17-alpha, and actually include the bundle's uninstaller script.
  • Updated Finnish and Swedish translations.