forked from nextgens/Tor
ChangeLog
Changes in version 0.2.2.6-alpha - 2009-10-??
o Major features:
- Directory authorities can now create, vote, and serve on multiple
parallel formats of directory data as part of their voting process.
This is a partial implementation of Proposal 162: "Publish the
consensus in multiple flavors."
- Directory authorities can now agree on and publish small summaries of
router information that clients can use in place of regular server
descriptors. This will eventually allow clients to use far less
bandwidth for downloading information about the network. This begins
the implementation of Proposal 158: "Clients download a consensus +
Microdescriptors".
- The directory voting system is now extensible to use multiple hash
algorithms for signatures and resource selection. Newer formats are
signed with SHA256, with a possibility for moving to a better hash
algorithm in the future.
o Code simplifications and refactorings:
- Numerous changes, bugfixes, and workarounds from Nathan Freitas
to help Tor build correctly for Android phones.
- Begun converting Tor's signature and message digest logic to handle
multiple hash algorithms.
o Minor bugfixes:
- Fix a crash bug when trying to initialize the evdns module in
Libevent 2.
- Stop logging at severity 'warn' when some other Tor client tries
to establish a circuit with us using weak DH keys. It's a protocol
violation, but that doesn't mean ordinary users need to hear about
it. Fixes the bug part of bug 1114. Bugfix on 0.1.0.13.
Changes in version 0.2.2.5-alpha - 2009-10-11
Tor 0.2.2.5-alpha fixes a few compile problems in 0.2.2.4-alpha.
o Major bugfixes:
- Make the tarball compile again. Oops. Bugfix on 0.2.2.4-alpha.
o New directory authorities:
- Move dizum to an alternate IP address.
Changes in version 0.2.2.4-alpha - 2009-10-10
Tor 0.2.2.4-alpha fixes more crash bugs in 0.2.2.2-alpha. It also
introduces a new unit test framework, shifts directory authority
addresses around to reduce the impact from recent blocking events,
and fixes a few smaller bugs.
o Major bugfixes:
- Fix several more asserts in the circuit_build_times code, for
example one that causes Tor to fail to start once we have
accumulated 5000 build times in the state file. Bugfixes on
0.2.2.2-alpha; fixes bug 1108.
o New directory authorities:
- Move moria1 and Tonga to alternate IP addresses.
o Minor features:
- Log SSL state transitions at debug level during handshake, and
include SSL states in error messages. This may help debug future
SSL handshake issues.
- Add a new "Handshake" log domain for activities that happen
during the TLS handshake.
- Revert to the "June 3 2009" ip-to-country file. The September one
seems to have removed most US IP addresses.
- Directory authorities now reject Tor relays with versions less than
0.1.2.14. This step cuts out four relays from the current network,
none of which are very big.
o Minor bugfixes:
- Fix a couple of smaller issues with gathering statistics. Bugfixes
on 0.2.2.1-alpha.
- Fix two memory leaks in the error case of
circuit_build_times_parse_state(). Bugfix on 0.2.2.2-alpha.
- Don't count one-hop circuits when we're estimating how long it
takes circuits to build on average. Otherwise we'll set our circuit
build timeout lower than we should. Bugfix on 0.2.2.2-alpha.
- Directory authorities no longer change their opinion of, or vote on,
whether a router is Running, unless they have themselves been
online long enough to have some idea. Bugfix on 0.2.0.6-alpha.
Fixes bug 1023.
o Code simplifications and refactoring:
- Revise our unit tests to use the "tinytest" framework, so we
can run tests in their own processes, have smarter setup/teardown
code, and so on. The unit test code has moved to its own
subdirectory, and has been split into multiple modules.
Changes in version 0.2.2.3-alpha - 2009-09-23
Tor 0.2.2.3-alpha fixes a few crash bugs in 0.2.2.2-alpha.
o Major bugfixes:
- Fix an overzealous assert in our new circuit build timeout code.
Bugfix on 0.2.2.2-alpha; fixes bug 1103.
o Minor bugfixes:
- If the networkstatus consensus tells us that we should use a
negative circuit package window, ignore it. Otherwise we'll
believe it and then trigger an assert. Bugfix on 0.2.2.2-alpha.
Changes in version 0.2.2.2-alpha - 2009-09-21
Tor 0.2.2.2-alpha introduces our latest performance improvement for
clients: Tor tracks the average time it takes to build a circuit, and
avoids using circuits that take too long to build. For fast connections,
this feature can cut your expected latency in half. For slow or flaky
connections, it could ruin your Tor experience. Let us know if it does!
o Major features:
- Tor now tracks how long it takes to build client-side circuits
over time, and adapts its timeout to local network performance.
Since a circuit that takes a long time to build will also provide
bad performance, we get significant latency improvements by
discarding the slowest 20% of circuits. Specifically, Tor creates
circuits more aggressively than usual until it has enough data
points for a good timeout estimate. Implements proposal 151.
We are especially looking for reports (good and bad) from users with
both EDGE and broadband connections that can move from broadband
to EDGE and find out if the build-time data in the .tor/state gets
reset without loss of Tor usability. You should also see a notice
log message telling you that Tor has reset its timeout.
- Directory authorities can now vote on arbitrary integer values as
part of the consensus process. This is designed to help set
network-wide parameters. Implements proposal 167.
- Tor now reads the "circwindow" parameter out of the consensus,
and uses that value for its circuit package window rather than the
default of 1000 cells. Begins the implementation of proposal 168.
o Major bugfixes:
- Fix a remotely triggerable memory leak when a consensus document
contains more than one signature from the same voter. Bugfix on
0.2.0.3-alpha.
o Minor bugfixes:
- Fix an extremely rare infinite recursion bug that could occur if
we tried to log a message after shutting down the log subsystem.
Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
- Fix parsing for memory or time units given without a space between
the number and the unit. Bugfix on 0.2.2.1-alpha; fixes bug 1076.
- A networkstatus vote must contain exactly one signature. Spec
conformance issue. Bugfix on 0.2.0.3-alpha.
- Fix an obscure bug where hidden services on 64-bit big-endian
systems might mis-read the timestamp in v3 introduce cells, and
refuse to connect back to the client. Discovered by "rotor".
Bugfix on 0.2.1.6-alpha.
- We were triggering a CLOCK_SKEW controller status event whenever
we connect via the v2 connection protocol to any relay that has
a wrong clock. Instead, we should only inform the controller when
it's a trusted authority that claims our clock is wrong. Bugfix
on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
- We were telling the controller about CHECKING_REACHABILITY and
REACHABILITY_FAILED status events whenever we launch a testing
circuit or notice that one has failed. Instead, only tell the
controller when we want to inform the user of overall success or
overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
by SwissTorExit.
- Don't warn when we're using a circuit that ends with a node
excluded in ExcludeExitNodes, but the circuit is not used to access
the outside world. This should help fix bug 1090, but more problems
remain. Bugfix on 0.2.1.6-alpha.
- Work around a small memory leak in some versions of OpenSSL that
stopped the memory used by the hostname TLS extension from being
freed.
- Make our 'torify' script more portable; if we have only one of
'torsocks' or 'tsocks' installed, don't complain to the user;
and explain our warning about tsocks better.
o Minor features:
- Add a "getinfo status/accepted-server-descriptor" controller
command, which is the recommended way for controllers to learn
whether our server descriptor has been successfully received by at
least one directory authority. Un-recommend good-server-descriptor
getinfo and status events until we have a better design for them.
- Update to the "September 4 2009" ip-to-country file.
Changes in version 0.2.2.1-alpha - 2009-08-26
Tor 0.2.2.1-alpha disables ".exit" address notation by default, allows
Tor clients to bootstrap on networks where only port 80 is reachable,
makes it more straightforward to support hardware crypto accelerators,
and starts the groundwork for gathering stats safely at relays.
o Security fixes:
- Start the process of disabling ".exit" address notation, since it
can be used for a variety of esoteric application-level attacks
on users. To reenable it, set "AllowDotExit 1" in your torrc. Fix
on 0.0.9rc5.
o New directory authorities:
- Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
authority.
o Major features:
- New AccelName and AccelDir options add support for dynamic OpenSSL
hardware crypto acceleration engines.
- Tor now supports tunneling all of its outgoing connections over
a SOCKS proxy, using the SOCKS4Proxy and/or SOCKS5Proxy
configuration options. Code by Christopher Davis.
o Major bugfixes:
- Send circuit or stream sendme cells when our window has decreased
by 100 cells, not when it has decreased by 101 cells. Bug uncovered
by Karsten when testing the "reduce circuit window" performance
patch. Bugfix on the 54th commit on Tor -- from July 2002,
before the release of Tor 0.0.0. This is the new winner of the
oldest-bug prize.
o New options for gathering stats safely:
- Directories that set "DirReqStatistics 1" write statistics on
directory request to disk every 24 hours. As compared to the
--enable-geoip-stats flag in 0.2.1.x, there are a few improvements:
1) stats are written to disk exactly every 24 hours; 2) estimated
shares of v2 and v3 requests are determined as mean values, not at
the end of a measurement period; 3) unresolved requests are listed
with country code '??'; 4) directories also measure download times.
- Exit nodes that set "ExitPortStatistics 1" write statistics on the
number of exit streams and transferred bytes per port to disk every
24 hours.
- Relays that set "CellStatistics 1" write statistics on how long
cells spend in their circuit queues to disk every 24 hours.
- Entry nodes that set "EntryStatistics 1" write statistics on the
rough number and origins of connecting clients to disk every 24
hours.
- Relays that write any of the above statistics to disk and set
"ExtraInfoStatistics 1" include the past 24 hours of statistics in
their extra-info documents.
o Minor features:
- New --digests command-line switch to output the digests of the
source files Tor was built with.
- The "torify" script now uses torsocks where available.
- The memarea code now uses a sentinel value at the end of each area
to make sure nothing writes beyond the end of an area. This might
help debug some conceivable causes of bug 930.
- Time and memory units in the configuration file can now be set to
fractional units. For example, "2.5 GB" is now a valid value for
AccountingMax.
- Certain Tor clients (such as those behind check.torproject.org) may
want to fetch the consensus in an extra early manner. To enable this
a user may now set FetchDirInfoExtraEarly to 1. This also depends on
setting FetchDirInfoEarly to 1. Previous behavior will stay the same
as only certain clients who must have this information sooner should
set this option.
- Instead of adding the svn revision to the Tor version string, report
the git commit (when we're building from a git checkout).
o Minor bugfixes:
- If any of the v3 certs we download are unparseable, we should actually
notice the failure so we don't retry indefinitely. Bugfix on
0.2.0.x; reported by "rotator".
- If the cached cert file is unparseable, warn but don't exit.
- Fix possible segmentation fault on directory authorities. Bugfix on
0.2.1.14-rc.
- When Tor fails to parse a descriptor of any kind, dump it to disk.
Might help diagnosing bug 1051.
o Deprecated and removed features:
- The controller no longer accepts the old obsolete "addr-mappings/"
or "unregistered-servers-" GETINFO values.
- Hidden services no longer publish version 0 descriptors, and clients
do not request or use version 0 descriptors. However, the old hidden
service authorities still accept and serve version 0 descriptors
when contacted by older hidden services/clients.
- The EXTENDED_EVENTS and VERBOSE_NAMES controller features are now
always on; using them is necessary for correct forward-compatible
controllers.
- Remove support for .noconnect style addresses. Nobody was using
them, and they provided another avenue for detecting Tor users
via application-level web tricks.
o Packaging changes:
- Upgrade Vidalia from 0.1.15 to 0.2.3 in the Windows and OS X
installer bundles. See
https://trac.vidalia-project.net/browser/vidalia/tags/vidalia-0.2.3/CHANGELOG
for details of what's new in Vidalia 0.2.3.
- Windows Vidalia Bundle: update Privoxy from 3.0.6 to 3.0.14-beta.
- OS X Vidalia Bundle: move to Polipo 1.0.4 with Tor specific
configuration file, rather than the old Privoxy.
- OS X Vidalia Bundle: Vidalia, Tor, and Polipo are compiled as
x86-only for better compatibility with OS X 10.6, aka Snow Leopard.
- OS X Tor Expert Bundle: Tor is compiled as x86-only for
better compatibility with OS X 10.6, aka Snow Leopard.
- OS X Vidalia Bundle: The multi-package installer is now replaced
by a simple drag and drop to the /Applications folder. This change
occurred with the upgrade to Vidalia 0.2.3.
Changes in version 0.2.1.20 - 2009-10-15
o Major bugfixes:
- Send circuit or stream sendme cells when our window has decreased
by 100 cells, not when it has decreased by 101 cells. Bug uncovered
by Karsten when testing the "reduce circuit window" performance
patch. Bugfix on the 54th commit on Tor -- from July 2002,
before the release of Tor 0.0.0. This is the new winner of the
oldest-bug prize.
- Fix a remotely triggerable memory leak when a consensus document
contains more than one signature from the same voter. Bugfix on
0.2.0.3-alpha.
- Avoid segfault in rare cases when finishing an introduction circuit
as a client and finding out that we don't have an introduction key
for it. Fixes bug 1073. Reported by Aaron Swartz.
o Major features:
- Tor now reads the "circwindow" parameter out of the consensus,
and uses that value for its circuit package window rather than the
default of 1000 cells. Begins the implementation of proposal 168.
o New directory authorities:
- Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
authority.
- Move moria1 and tonga to alternate IP addresses.
o Minor bugfixes:
- Fix a signed/unsigned compile warning in 0.2.1.19.
- Fix possible segmentation fault on directory authorities. Bugfix on
0.2.1.14-rc.
- Fix an extremely rare infinite recursion bug that could occur if
we tried to log a message after shutting down the log subsystem.
Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
- Fix an obscure bug where hidden services on 64-bit big-endian
systems might mis-read the timestamp in v3 introduce cells, and
refuse to connect back to the client. Discovered by "rotor".
Bugfix on 0.2.1.6-alpha.
- We were triggering a CLOCK_SKEW controller status event whenever
we connect via the v2 connection protocol to any relay that has
a wrong clock. Instead, we should only inform the controller when
it's a trusted authority that claims our clock is wrong. Bugfix
on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
- We were telling the controller about CHECKING_REACHABILITY and
REACHABILITY_FAILED status events whenever we launch a testing
circuit or notice that one has failed. Instead, only tell the
controller when we want to inform the user of overall success or
overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
by SwissTorExit.
- Don't warn when we're using a circuit that ends with a node
excluded in ExcludeExitNodes, but the circuit is not used to access
the outside world. This should help fix bug 1090. Bugfix on
0.2.1.6-alpha.
- Work around a small memory leak in some versions of OpenSSL that
stopped the memory used by the hostname TLS extension from being
freed.
o Minor features:
- Add a "getinfo status/accepted-server-descriptor" controller
command, which is the recommended way for controllers to learn
whether our server descriptor has been successfully received by at
least one directory authority. Un-recommend good-server-descriptor
getinfo and status events until we have a better design for them.
Changes in version 0.2.1.19 - 2009-07-28
Tor 0.2.1.19 fixes a major bug with accessing and providing hidden
services on Tor 0.2.1.3-alpha through 0.2.1.18.
o Major bugfixes:
- Make accessing hidden services on 0.2.1.x work right again.
Bugfix on 0.2.1.3-alpha; workaround for bug 1038. Diagnosis and
part of patch provided by "optimist".
o Minor features:
- When a relay/bridge is writing out its identity key fingerprint to
the "fingerprint" file and to its logs, write it without spaces. Now
it will look like the fingerprints in our bridges documentation,
and confuse fewer users.
o Minor bugfixes:
- Relays no longer publish a new server descriptor if they change
their MaxAdvertisedBandwidth config option but it doesn't end up
changing their advertised bandwidth numbers. Bugfix on 0.2.0.28-rc;
fixes bug 1026. Patch from Sebastian.
- Avoid leaking memory every time we get a create cell but we have
so many already queued that we refuse it. Bugfix on 0.2.0.19-alpha;
fixes bug 1034. Reported by BarkerJr.
Changes in version 0.2.1.18 - 2009-07-24
Tor 0.2.1.18 lays the foundations for performance improvements,
adds status events to help users diagnose bootstrap problems, adds
optional authentication/authorization for hidden services, fixes a
variety of potential anonymity problems, and includes a huge pile of
other features and bug fixes.
o Build fixes:
- Add LIBS=-lrt to Makefile.am so the Tor RPMs use a static libevent.
Changes in version 0.2.1.17-rc - 2009-07-07
Tor 0.2.1.17-rc marks the fourth -- and hopefully last -- release
candidate for the 0.2.1.x series. It lays the groundwork for further
client performance improvements, and also fixes a big bug with directory
authorities that was causing them to assign Guard and Stable flags
poorly.
The Windows bundles also finally include the geoip database that we
thought we'd been shipping since 0.2.0.x (oops), and the OS X bundles
should actually install Torbutton rather than giving you a cryptic
failure message (oops).
o Major features:
- Clients now use the bandwidth values in the consensus, rather than
the bandwidth values in each relay descriptor. This approach opens
the door to more accurate bandwidth estimates once the directory
authorities start doing active measurements. Implements more of
proposal 141.
o Major bugfixes:
- When Tor clients restart after 1-5 days, they discard all their
cached descriptors as too old, but they still use the cached
consensus document. This approach is good for robustness, but
bad for performance: since they don't know any bandwidths, they
end up choosing at random rather than weighting their choice by
speed. Fixed by the above feature of putting bandwidths in the
consensus. Bugfix on 0.2.0.x.
- Directory authorities were neglecting to mark relays down in their
internal histories if the relays fall off the routerlist without
ever being found unreachable. So there were relays in the histories
that haven't been seen for eight months, and are listed as being
up for eight months. This wreaked havoc on the "median wfu"
and "median mtbf" calculations, in turn making Guard and Stable
flags very wrong, hurting network performance. Fixes bugs 696 and
969. Bugfix on 0.2.0.6-alpha.
o Minor bugfixes:
- Serve the DirPortFrontPage page even when we have been approaching
our quotas recently. Fixes bug 1013; bugfix on 0.2.1.8-alpha.
- The control port would close the connection before flushing long
replies, such as the network consensus, if a QUIT command was issued
before the reply had completed. Now, the control port flushes all
pending replies before closing the connection. Also fixed a spurious
warning when a QUIT command is issued after a malformed or rejected
AUTHENTICATE command, but before the connection was closed. Patch
by Marcus Griep. Bugfix on 0.2.0.x; fixes bugs 1015 and 1016.
- When we can't find an intro key for a v2 hidden service descriptor,
fall back to the v0 hidden service descriptor and log a bug message.
Workaround for bug 1024.
- Fix a log message that did not respect the SafeLogging option.
Resolves bug 1027.
o Minor features:
- If we're a relay and we change our IP address, be more verbose
about the reason that made us change. Should help track down
further bugs for relays on dynamic IP addresses.
Changes in version 0.2.0.35 - 2009-06-24
o Security fix:
- Avoid crashing in the presence of certain malformed descriptors.
Found by lark, and by automated fuzzing.
- Fix an edge case where a malicious exit relay could convince a
controller that the client's DNS question resolves to an internal IP
address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
o Major bugfixes:
- Finally fix the bug where dynamic-IP relays disappear when their
IP address changes: directory mirrors were mistakenly telling
them their old address if they asked via begin_dir, so they
never got an accurate answer about their new address, so they
just vanished after a day. For belt-and-suspenders, relays that
don't set Address in their config now avoid using begin_dir for
all direct connections. Should fix bugs 827, 883, and 900.
- Fix a timing-dependent, allocator-dependent, DNS-related crash bug
that would occur on some exit nodes when DNS failures and timeouts
occurred in certain patterns. Fix for bug 957.
o Minor bugfixes:
- When starting with a cache over a few days old, do not leak
memory for the obsolete router descriptors in it. Bugfix on
0.2.0.33; fixes bug 672.
- Hidden service clients didn't use a cached service descriptor that
was older than 15 minutes, but wouldn't fetch a new one either,
because there was already one in the cache. Now, fetch a v2
descriptor unless the same descriptor was added to the cache within
the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
Changes in version 0.2.1.16-rc - 2009-06-20
Tor 0.2.1.16-rc speeds up performance for fast exit relays, and fixes
a bunch of minor bugs.
o Security fixes:
- Fix an edge case where a malicious exit relay could convince a
controller that the client's DNS question resolves to an internal IP
address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
o Major performance improvements (on 0.2.0.x):
- Disable and refactor some debugging checks that forced a linear scan
over the whole server-side DNS cache. These accounted for over 50%
of CPU time on a relatively busy exit node's gprof profile. Found
by Jacob.
- Disable some debugging checks that appeared in exit node profile
data.
o Minor features:
- Update to the "June 3 2009" ip-to-country file.
- Do not have tor-resolve automatically refuse all .onion addresses;
if AutomapHostsOnResolve is set in your torrc, this will work fine.
o Minor bugfixes (on 0.2.0.x):
- Log correct error messages for DNS-related network errors on
Windows.
- Fix a race condition that could cause crashes or memory corruption
when running as a server with a controller listening for log
messages.
- Avoid crashing when we have a policy specified in a DirPolicy or
SocksPolicy or ReachableAddresses option with ports set on it,
and we re-load the policy. May fix bug 996.
- Hidden service clients didn't use a cached service descriptor that
was older than 15 minutes, but wouldn't fetch a new one either,
because there was already one in the cache. Now, fetch a v2
descriptor unless the same descriptor was added to the cache within
the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
o Minor bugfixes (on 0.2.1.x):
- Don't warn users about low port and hibernation mix when they
provide a *ListenAddress directive to fix that. Bugfix on
0.2.1.15-rc.
- When switching back and forth between bridge mode, do not start
gathering GeoIP data until two hours have passed.
- Do not complain that the user has requested an excluded node as
an exit when the node is not really an exit. This could happen
because the circuit was for testing, or an introduction point.
Fix for bug 984.
Changes in version 0.2.1.15-rc - 2009-05-25
Tor 0.2.1.15-rc marks the second release candidate for the 0.2.1.x
series. It fixes a major bug on fast exit relays, as well as a variety
of more minor bugs.
o Major bugfixes (on 0.2.0.x):
- Fix a timing-dependent, allocator-dependent, DNS-related crash bug
that would occur on some exit nodes when DNS failures and timeouts
occurred in certain patterns. Fix for bug 957.
o Minor bugfixes (on 0.2.0.x):
- Actually return -1 in the error case for read_bandwidth_usage().
Harmless bug, since we currently don't care about the return value
anywhere. Bugfix on 0.2.0.9-alpha.
- Provide a more useful log message if bug 977 (related to buffer
freelists) ever reappears, and do not crash right away.
- Fix an assertion failure on 64-bit platforms when we allocated
memory right up to the end of a memarea, then realigned the memory
one step beyond the end. Fixes a possible cause of bug 930.
- Protect the count of open sockets with a mutex, so we can't
corrupt it when two threads are closing or opening sockets at once.
Fix for bug 939. Bugfix on 0.2.0.1-alpha.
- Don't allow a bridge to publish its router descriptor to a
non-bridge directory authority. Fixes part of bug 932.
- When we change to or from being a bridge, reset our counts of
client usage by country. Fixes bug 932.
- Fix a bug that made stream bandwidth get misreported to the
controller.
- Stop using malloc_usable_size() to use more area than we had
actually allocated: it was safe, but made valgrind really unhappy.
- Fix a memory leak when v3 directory authorities load their keys
and cert from disk. Bugfix on 0.2.0.1-alpha.
o Minor bugfixes (on 0.2.1.x):
- Fix use of freed memory when deciding to mark a non-addable
descriptor as never-downloadable. Bugfix on 0.2.1.9-alpha.
Changes in version 0.2.1.14-rc - 2009-04-12
Tor 0.2.1.14-rc marks the first release candidate for the 0.2.1.x
series. It begins fixing some major performance problems, and also
finally addresses the bug that was causing relays on dynamic IP
addresses to fall out of the directory.
o Major features:
- Clients replace entry guards that were chosen more than a few months
ago. This change should significantly improve client performance,
especially once more people upgrade, since relays that have been
a guard for a long time are currently overloaded.
o Major bugfixes (on 0.2.0):
- Finally fix the bug where dynamic-IP relays disappear when their
IP address changes: directory mirrors were mistakenly telling
them their old address if they asked via begin_dir, so they
never got an accurate answer about their new address, so they
just vanished after a day. For belt-and-suspenders, relays that
don't set Address in their config now avoid using begin_dir for
all direct connections. Should fix bugs 827, 883, and 900.
- Relays were falling out of the networkstatus consensus for
part of a day if they changed their local config but the
authorities discarded their new descriptor as "not sufficiently
different". Now directory authorities accept a descriptor as changed
if bandwidthrate or bandwidthburst changed. Partial fix for bug 962;
patch by Sebastian.
- Avoid crashing in the presence of certain malformed descriptors.
Found by lark, and by automated fuzzing.
o Minor features:
- When generating circuit events with verbose nicknames for
controllers, try harder to look up nicknames for routers on a
circuit. (Previously, we would look in the router descriptors we had
for nicknames, but not in the consensus.) Partial fix for bug 941.
- If the bridge config line doesn't specify a port, assume 443.
This makes bridge lines a bit smaller and easier for users to
understand.
- Raise the minimum bandwidth to be a relay from 20000 bytes to 20480
bytes (aka 20KB/s), to match our documentation. Also update
directory authorities so they always assign the Fast flag to relays
with 20KB/s of capacity. Now people running relays won't suddenly
find themselves not seeing any use, if the network gets faster
on average.
- Update to the "April 3 2009" ip-to-country file.
o Minor bugfixes:
- Avoid trying to print raw memory to the logs when we decide to
give up on downloading a given relay descriptor. Bugfix on
0.2.1.9-alpha.
- In tor-resolve, when the Tor client to use is specified by
<hostname>:<port>, actually use the specified port rather than
defaulting to 9050. Bugfix on 0.2.1.6-alpha.
- Make directory usage recording work again. Bugfix on 0.2.1.6-alpha.
- When starting with a cache over a few days old, do not leak
memory for the obsolete router descriptors in it. Bugfix on
0.2.0.33.
- Avoid double-free on list of successfully uploaded hidden
service descriptors. Fix for bug 948. Bugfix on 0.2.1.6-alpha.
- Change memarea_strndup() implementation to work even when
duplicating a string at the end of a page. This bug was
harmless for now, but could have meant crashes later. Fix by
lark. Bugfix on 0.2.1.1-alpha.
- Limit uploaded directory documents to be 16M rather than 500K.
The directory authorities were refusing v3 consensus votes from
other authorities, since the votes are now 504K. Fixes bug 959;
bugfix on 0.0.2pre17 (where we raised it from 50K to 500K ;).
- Directory authorities should never send a 503 "busy" response to
requests for votes or keys. Bugfix on 0.2.0.8-alpha; exposed by
bug 959.
Changes in version 0.2.1.13-alpha - 2009-03-09
Tor 0.2.1.13-alpha includes another big pile of minor bugfixes and
cleanups. We're finally getting close to a release candidate.
o Major bugfixes:
- Correctly update the list of which countries we exclude as
exits, when the GeoIP file is loaded or reloaded. Diagnosed by
lark. Bugfix on 0.2.1.6-alpha.
o Minor bugfixes (on 0.2.0.x and earlier):
- Automatically detect MacOSX versions earlier than 10.4.0, and
disable kqueue from inside Tor when running with these versions.
We previously did this from the startup script, but that was no
help to people who didn't use the startup script. Resolves bug 863.
- When we had picked an exit node for a connection, but marked it as
"optional", and it turned out we had no onion key for the exit,
stop wanting that exit and try again. This situation may not
be possible now, but will probably become feasible with proposal
158. Spotted by rovv. Fixes another case of bug 752.
- Clients no longer cache certificates for authorities they do not
recognize. Bugfix on 0.2.0.9-alpha.
- When we can't transmit a DNS request due to a network error, retry
it after a while, and eventually transmit a failing response to
the RESOLVED cell. Bugfix on 0.1.2.5-alpha.
- If the controller claimed responsibility for a stream, but that
stream never finished making its connection, it would live
forever in circuit_wait state. Now we close it after SocksTimeout
seconds. Bugfix on 0.1.2.7-alpha; reported by Mike Perry.
- Drop begin cells to a hidden service if they come from the middle
of a circuit. Patch from lark.
- When we erroneously receive two EXTEND cells for the same circuit
ID on the same connection, drop the second. Patch from lark.
- Fix a crash that occurs on exit nodes when a nameserver request
timed out. Bugfix on 0.1.2.1-alpha; our CLEAR debugging code had
been suppressing the bug since 0.1.2.10-alpha. Partial fix for
bug 929.
- Do not assume that a stack-allocated character array will be
64-bit aligned on platforms that demand that uint64_t access is
aligned. Possible fix for bug 604.
- Parse dates and IPv4 addresses in a locale- and libc-independent
manner, to avoid platform-dependent behavior on malformed input.
- Build correctly when configured to build outside the main source
path. Patch from Michael Gold.
- We were already rejecting relay begin cells with destination port
of 0. Now also reject extend cells with destination port or address
of 0. Suggested by lark.
o Minor bugfixes (on 0.2.1.x):
- Don't re-extend introduction circuits if we ran out of RELAY_EARLY
cells. Bugfix on 0.2.1.3-alpha. Fixes more of bug 878.
- If we're an exit node, scrub the IP address to which we are exiting
in the logs. Bugfix on 0.2.1.8-alpha.
o Minor features:
- On Linux, use the prctl call to re-enable core dumps when the User
option is set.
- New controller event NEWCONSENSUS that lists the networkstatus
lines for every recommended relay. Now controllers like Torflow
can keep up-to-date on which relays they should be using.
- Update to the "February 26 2009" ip-to-country file.
Changes in version 0.2.0.34 - 2009-02-08
Tor 0.2.0.34 features several more security-related fixes. You should
upgrade, especially if you run an exit relay (remote crash) or a
directory authority (remote infinite loop), or you're on an older
(pre-XP) or not-recently-patched Windows (remote exploit).
This release marks end-of-life for Tor 0.1.2.x. Those Tor versions
have many known flaws, and nobody should be using them. You should
upgrade. If you're using a Linux or BSD and its packages are obsolete,
stop using those packages and upgrade anyway.
o Security fixes:
- Fix an infinite-loop bug on handling corrupt votes under certain
circumstances. Bugfix on 0.2.0.8-alpha.
- Fix a temporary DoS vulnerability that could be performed by
a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
- Avoid a potential crash on exit nodes when processing malformed
input. Remote DoS opportunity. Bugfix on 0.2.0.33.
- Do not accept incomplete IPv4 addresses (like 192.168.0) as valid.
Spec conformance issue. Bugfix on Tor 0.0.2pre27.
o Minor bugfixes:
- Fix compilation on systems where time_t is a 64-bit integer.
Patch from Matthias Drochner.
- Don't consider expiring already-closed client connections. Fixes
bug 893. Bugfix on 0.0.2pre20.
Changes in version 0.2.1.12-alpha - 2009-02-08
Tor 0.2.1.12-alpha features several more security-related fixes. You
should upgrade, especially if you run an exit relay (remote crash) or
a directory authority (remote infinite loop), or you're on an older
(pre-XP) or not-recently-patched Windows (remote exploit). It also
includes a big pile of minor bugfixes and cleanups.
o Security fixes:
- Fix an infinite-loop bug on handling corrupt votes under certain
circumstances. Bugfix on 0.2.0.8-alpha.
- Fix a temporary DoS vulnerability that could be performed by
a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
- Avoid a potential crash on exit nodes when processing malformed
input. Remote DoS opportunity. Bugfix on 0.2.1.7-alpha.
o Minor bugfixes:
- Let controllers actually ask for the "clients_seen" event for
getting usage summaries on bridge relays. Bugfix on 0.2.1.10-alpha;
reported by Matt Edman.
- Fix a compile warning on OSX Panther. Fixes bug 913; bugfix against
0.2.1.11-alpha.
- Fix a bug in address parsing that was preventing bridges or hidden
service targets from being at IPv6 addresses.
- Solve a bug that kept hardware crypto acceleration from getting
enabled when accounting was turned on. Fixes bug 907. Bugfix on
0.0.9pre6.
- Remove a bash-ism from configure.in to build properly on non-Linux
platforms. Bugfix on 0.2.1.1-alpha.
- Fix code so authorities _actually_ send back X-Descriptor-Not-New
headers. Bugfix on 0.2.0.10-alpha.
- Don't consider expiring already-closed client connections. Fixes
bug 893. Bugfix on 0.0.2pre20.
- Fix another interesting corner-case of bug 891 spotted by rovv:
Previously, if two hosts had different amounts of clock drift, and
one of them created a new connection with just the wrong timing,
the other might decide to deprecate the new connection erroneously.
Bugfix on 0.1.1.13-alpha.
- Resolve a very rare crash bug that could occur when the user forced
a nameserver reconfiguration during the middle of a nameserver
probe. Fixes bug 526. Bugfix on 0.1.2.1-alpha.
- Support changing value of ServerDNSRandomizeCase during SIGHUP.
Bugfix on 0.2.1.7-alpha.
- If we're using bridges and our network goes away, be more willing
to forgive our bridges and try again when we get an application
request. Bugfix on 0.2.0.x.
o Minor features:
- Support platforms where time_t is 64 bits long. (Congratulations,
NetBSD!) Patch from Matthias Drochner.
- Add a 'getinfo status/clients-seen' controller command, in case
controllers want to hear clients_seen events but connect late.
o Build changes:
- Disable GCC's strict alias optimization by default, to avoid the
likelihood of its introducing subtle bugs whenever our code violates
the letter of C99's alias rules.
Changes in version 0.2.0.33 - 2009-01-21
Tor 0.2.0.33 fixes a variety of bugs that were making relays less
useful to users. It also finally fixes a bug where a relay or client
that's been off for many days would take a long time to bootstrap.
This update also fixes an important security-related bug reported by
Ilja van Sprundel. You should upgrade. (We'll send out more details
about the bug once people have had some time to upgrade.)
o Security fixes:
- Fix a heap-corruption bug that may be remotely triggerable on
some platforms. Reported by Ilja van Sprundel.
o Major bugfixes:
- When a stream at an exit relay is in state "resolving" or
"connecting" and it receives an "end" relay cell, the exit relay
would silently ignore the end cell and not close the stream. If
the client never closes the circuit, then the exit relay never
closes the TCP connection. Bug introduced in Tor 0.1.2.1-alpha;
reported by "wood".
- When sending CREATED cells back for a given circuit, use a 64-bit
connection ID to find the right connection, rather than an addr:port
combination. Now that we can have multiple OR connections between
the same ORs, it is no longer possible to use addr:port to uniquely
identify a connection.
- Bridge relays that had DirPort set to 0 would stop fetching
descriptors shortly after startup, and then briefly resume
after a new bandwidth test and/or after publishing a new bridge
descriptor. Bridge users that try to bootstrap from them would
get a recent networkstatus but would get descriptors from up to
18 hours earlier, meaning most of the descriptors were obsolete
already. Reported by Tas; bugfix on 0.2.0.13-alpha.
- Prevent bridge relays from serving their 'extrainfo' document
to anybody who asks, now that extrainfo docs include potentially
sensitive aggregated client geoip summaries. Bugfix on
0.2.0.13-alpha.
- If the cached networkstatus consensus is more than five days old,
discard it rather than trying to use it. In theory it could be
useful because it lists alternate directory mirrors, but in practice
it just means we spend many minutes trying directory mirrors that
are long gone from the network. Also discard router descriptors as
we load them if they are more than five days old, since the onion
key is probably wrong by now. Bugfix on 0.2.0.x. Fixes bug 887.
o Minor bugfixes:
- Do not mark smartlist_bsearch_idx() function as ATTR_PURE. This bug
could make gcc generate non-functional binary search code. Bugfix
on 0.2.0.10-alpha.
- Build correctly on platforms without socklen_t.
- Compile without warnings on Solaris.
- Avoid potential crash on internal error during signature collection.
Fixes bug 864. Patch from rovv.
- Correct handling of possible malformed authority signing key
certificates with internal signature types. Fixes bug 880.
Bugfix on 0.2.0.3-alpha.
- Fix a hard-to-trigger resource leak when logging credential status.
CID 349.
- When we can't initialize DNS because the network is down, do not
automatically stop Tor from starting. Instead, we retry failed
dns_init() every 10 minutes, and change the exit policy to reject
*:* until one succeeds. Fixes bug 691.
- Use 64 bits instead of 32 bits for connection identifiers used with
the controller protocol, to greatly reduce risk of identifier reuse.
- When we're choosing an exit node for a circuit, and we have
no pending streams, choose a good general exit rather than one that
supports "all the pending streams". Bugfix on 0.1.1.x. Fix by rovv.
- Fix another case of assuming, when a specific exit is requested,
that we know more than the user about what hosts it allows.
Fixes one case of bug 752. Patch from rovv.
- Clip the MaxCircuitDirtiness config option to a minimum of 10
seconds. Warn the user if lower values are given in the
configuration. Bugfix on 0.1.0.1-rc. Patch by Sebastian.
- Clip the CircuitBuildTimeout to a minimum of 30 seconds. Warn the
user if lower values are given in the configuration. Bugfix on
0.1.1.17-rc. Patch by Sebastian.
- Fix a memory leak when we decline to add a v2 rendezvous descriptor to
the cache because we already had a v0 descriptor with the same ID.
Bugfix on 0.2.0.18-alpha.
- Fix a race condition when freeing keys shared between main thread
and CPU workers that could result in a memory leak. Bugfix on
0.1.0.1-rc. Fixes bug 889.
- Send a valid END cell back when a client tries to connect to a
nonexistent hidden service port. Bugfix on 0.1.2.15. Fixes bug
840. Patch from rovv.
- Check which hops rendezvous stream cells are associated with to
prevent possible guess-the-streamid injection attacks from
intermediate hops. Fixes another case of bug 446. Based on patch
from rovv.
- If a broken client asks a non-exit router to connect somewhere,
do not even do the DNS lookup before rejecting the connection.
Fixes another case of bug 619. Patch from rovv.
- When a relay gets a create cell it can't decrypt (e.g. because it's
using the wrong onion key), we were dropping it and letting the
client time out. Now actually answer with a destroy cell. Fixes
bug 904. Bugfix on 0.0.2pre8.
o Minor bugfixes (hidden services):
- Do not throw away existing introduction points on SIGHUP. Bugfix on
0.0.6pre1. Patch by Karsten. Fixes bug 874.
o Minor features:
- Report the case where all signatures in a detached set are rejected
differently than the case where there is an error handling the
detached set.
- When we realize that another process has modified our cached
descriptors, print out a more useful error message rather than
triggering an assertion. Fixes bug 885. Patch from Karsten.
- Implement the 0x20 hack to better resist DNS poisoning: set the
case on outgoing DNS requests randomly, and reject responses that do
not match the case correctly. This logic can be disabled with the
ServerDNSRandomizeCase setting, if you are using one of the 0.3%
of servers that do not reliably preserve case in replies. See
"Increased DNS Forgery Resistance through 0x20-Bit Encoding"
for more info.
- Check DNS replies for more matching fields to better resist DNS
poisoning.
- Never use OpenSSL compression: it wastes RAM and CPU trying to
compress cells, which are basically all encrypted, compressed, or
both.
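The 0x20 check from the Minor features item above, sketched as an added example in C (not Tor's own code): the query name's letter case is set from random bits, and a reply is accepted only if it echoes the name byte for byte. The function names are hypothetical, and the random bits are passed in by the caller so the demo is repeatable; the assumption is that a resolver would draw fresh bits from a CSPRNG for every query.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcome of comparing the name echoed in a reply with the name we sent. */
enum dns0x20_result { DNS0X20_MATCH = 0, DNS0X20_CASE_MISMATCH, DNS0X20_NAME_MISMATCH };

/* ASCII-only helpers, so the result never depends on the process locale. */
static int is_alpha_ascii(unsigned char c) {
  return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
}
static unsigned char lower_ascii(unsigned char c) {
  return (c >= 'A' && c <= 'Z') ? (unsigned char)(c | 0x20) : c;
}

/* Rewrite qname in place. Each ASCII letter consumes one bit of rnd (least
 * significant bit first): 1 sets bit 0x20 (lowercase), 0 clears it
 * (uppercase). Digits, dots and hyphens carry no entropy and are skipped.
 * Returns the number of letters randomized, or -1 (name untouched) if rnd
 * holds fewer bits than the name has letters. */
int dns0x20_encode(char *qname, const uint8_t *rnd, size_t rnd_len) {
  size_t letters = 0, bit = 0;
  for (const char *p = qname; *p; ++p)
    letters += is_alpha_ascii((unsigned char)*p);
  if (letters > rnd_len * 8)
    return -1;
  for (char *p = qname; *p; ++p) {
    unsigned char c = (unsigned char)*p;
    if (!is_alpha_ascii(c))
      continue;
    *p = ((rnd[bit / 8] >> (bit % 8)) & 1) ? (char)(c | 0x20) : (char)(c & ~0x20);
    ++bit;
  }
  return (int)letters;
}

/* Accept a reply only on an exact match. A reply that differs only in case
 * is reported separately: it is either a forged answer from a sender that
 * never saw our query, or a server that does not preserve case. */
enum dns0x20_result dns0x20_check(const char *sent, const char *reply) {
  size_t i = 0;
  if (strcmp(sent, reply) == 0)
    return DNS0X20_MATCH;
  for (; sent[i] && reply[i]; ++i)
    if (lower_ascii((unsigned char)sent[i]) != lower_ascii((unsigned char)reply[i]))
      return DNS0X20_NAME_MISMATCH;
  return (sent[i] || reply[i]) ? DNS0X20_NAME_MISMATCH : DNS0X20_CASE_MISMATCH;
}

int main(void) {
  char q[] = "www.example.com";       /* constructed sample name */
  const uint8_t rnd[] = {0xA5, 0x0F}; /* fixed bits for a repeatable demo */
  dns0x20_encode(q, rnd, sizeof rnd);
  printf("query: %s  same-case reply: %d  lowercased reply: %d\n", q,
         (int)dns0x20_check(q, q), (int)dns0x20_check(q, "www.example.com"));
  return 0;
}
```

Each letter in the name adds one bit that an off-path forger has to guess on top of the query ID and source port, so short names with few letters gain the least.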
Changes in version 0.2.1.11-alpha - 2009-01-20
Tor 0.2.1.11-alpha finishes fixing the "if your Tor is off for a
week it will take a long time to bootstrap again" bug. It also fixes
an important security-related bug reported by Ilja van Sprundel. You
should upgrade. (We'll send out more details about the bug once people
have had some time to upgrade.)
o Security fixes:
- Fix a heap-corruption bug that may be remotely triggerable on
some platforms. Reported by Ilja van Sprundel.
o Major bugfixes:
- Discard router descriptors as we load them if they are more than
five days old. Otherwise if Tor is off for a long time and then
starts with cached descriptors, it will try to use the onion
keys in those obsolete descriptors when building circuits. Bugfix
on 0.2.0.x. Fixes bug 887.
o Minor features:
- Try to make sure that the version of Libevent we're running with
is binary-compatible with the one we built with. May address bug
897 and others.
- Make setting ServerDNSRandomizeCase to 0 actually work. Bugfix
for bug 905. Bugfix on 0.2.1.7-alpha.
- Add a new --enable-local-appdata configuration switch to change
the default location of the datadir on win32 from APPDATA to
LOCAL_APPDATA. In the future, we should migrate to LOCAL_APPDATA
entirely. Patch from coderman.
o Minor bugfixes:
- Make outbound DNS packets respect the OutboundBindAddress setting.
Fixes the bug part of bug 798. Bugfix on 0.1.2.2-alpha.
- When our circuit fails at the first hop (e.g. we get a destroy
cell back), avoid using that OR connection anymore, and also
tell all the one-hop directory requests waiting for it that they
should fail. Bugfix on 0.2.1.3-alpha.
- In the torify(1) manpage, mention that tsocks will leak your
DNS requests.
Changes in version 0.2.1.10-alpha - 2009-01-06
Tor 0.2.1.10-alpha fixes two major bugs in bridge relays (one that
would make the bridge relay not so useful if it had DirPort set to 0,
and one that could let an attacker learn a little bit of information
about the bridge's users), and a bug that would cause your Tor relay
to ignore a circuit create request it can't decrypt (rather than reply
with an error). It also fixes a wide variety of other bugs.
o Major bugfixes:
- If the cached networkstatus consensus is more than five days old,
discard it rather than trying to use it. In theory it could
be useful because it lists alternate directory mirrors, but in
practice it just means we spend many minutes trying directory
mirrors that are long gone from the network. Helps bug 887 a bit;
bugfix on 0.2.0.x.
- Bridge relays that had DirPort set to 0 would stop fetching
descriptors shortly after startup, and then briefly resume
after a new bandwidth test and/or after publishing a new bridge
descriptor. Bridge users that try to bootstrap from them would
get a recent networkstatus but would get descriptors from up to
18 hours earlier, meaning most of the descriptors were obsolete
already. Reported by Tas; bugfix on 0.2.0.13-alpha.
- Prevent bridge relays from serving their 'extrainfo' document
to anybody who asks, now that extrainfo docs include potentially
sensitive aggregated client geoip summaries. Bugfix on
0.2.0.13-alpha.
o Minor features:
- New controller event "clients_seen" to report a geoip-based summary
of which countries we've seen clients from recently. Now controllers
like Vidalia can show bridge operators that they're actually making
a difference.
- Build correctly against versions of OpenSSL 0.9.8 or later built
without support for deprecated functions.
- Update to the "December 19 2008" ip-to-country file.
o Minor bugfixes (on 0.2.0.x):
- Authorities now vote for the Stable flag for any router whose
weighted MTBF is at least 5 days, regardless of the mean MTBF.
- Do not remove routers as too old if we do not have any consensus
document. Bugfix on 0.2.0.7-alpha.
- Do not accept incomplete IPv4 addresses (like 192.168.0) as valid.
Spec conformance issue. Bugfix on Tor 0.0.2pre27.
- When an exit relay resolves a stream address to a local IP address,
do not just keep retrying that same exit relay over and
over. Instead, just close the stream. Addresses bug 872. Bugfix
on 0.2.0.32. Patch from rovv.
- If a hidden service sends us an END cell, do not consider
retrying the connection; just close it. Patch from rovv.
- When we made bridge authorities stop serving bridge descriptors over
unencrypted links, we also broke DirPort reachability testing for
bridges. So bridges with a non-zero DirPort were printing spurious
warns to their logs. Bugfix on 0.2.0.16-alpha. Fixes bug 709.
- When a relay gets a create cell it can't decrypt (e.g. because it's
using the wrong onion key), we were dropping it and letting the
client time out. Now actually answer with a destroy cell. Fixes
bug 904. Bugfix on 0.0.2pre8.