[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor 0.1.0.9-rc is out



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Well, I've just downloaded and installed "0.1.0.9-rc" forWin32.
"Looks like it's working" !

 I have not had any problems as far as Tor crashing or anything like
that. If there is a security hole or flaw somewhere in the design or
code- that would be something I as an ordinary user, would be unlikely
to catch (until to late!)

P.S. I managed to identify and successfully import the package signing
key but only after looking all over the download page (and all over
the Tor site) with no luck, for awhile. A link to the key (and maybe,
a simple 'how to" on checking sigs) might be useful to new users.

- -A Newbie

Thanks!

H.

> Roger Dingledine wrote:
>
>
> This is the ninth release candidate for the 0.1.0.x series. This
> release fixes some memory bloating, disables threads on Solaris,
> and includes some important security fixes for Win32.
>
> This is the one, I can feel it! (We have one bug left, which is
> some weird behavior with FreeBSD and libevent 1.1. Let us know if
> you're experiencing these crashes too.)
>
> http://tor.eff.org/download.html
>
> o Bugfixes: - Reset buf->highwater every time buf_shrink() is
> called, not just on a successful shrink. This was causing
> significant memory bloat. - Fix buffer overflow when checking
> hashed passwords. - Security fix: if seeding the RNG on Win32
> fails, quit. - Allow seeding the RNG on Win32 even when you're not
> running as Administrator. - Disable threading on Solaris too.
> Something is wonky with it, cpuworkers, and reentrant libs. -
> Reenable the part of the code that tries to flush as soon as an OR
> outbuf has a full TLS record available. Perhaps this will make OR
> outbufs not grow as huge except in rare cases, thus saving lots of
> CPU time plus memory. - Reject malformed .onion addresses rather
> then passing them on as normal web requests. - Adapt patch from
> Adam Langley: fix possible memory leak in tor_lookup_hostname(). -
> Initialize libevent later in the startup process, so the logs are
> already established by the time we start logging libevent warns. -
> Use correct errno on win32 if libevent fails. - Check and warn
> about known-bad/slow libevent versions. - Pay more attention to the
> ClientOnly config option. - Have torctl.in/tor.sh.in check for
> location of su binary (needed on FreeBSD) - Correct/add man page
> entries for LongLivedPorts, ExitPolicy, KeepalivePeriod,
> ClientOnly, NoPublish, HttpProxy, HttpsProxy,
> HttpProxyAuthenticator - Stop warning about sigpipes in the logs.
> We're going to pretend that getting these occassionally is normal
> and fine. - Resolve OS X installer bugs: stop claiming to be
> 0.0.9.2 in certain installer screens; and don't put stuff into
> StartupItems unless the user asks you to. - Require servers that
> use the default dirservers to have public IP addresses. We have too
> many servers that are configured with private IPs and their admins
> never notice the log entries complaining that their descriptors are
> being rejected. - Add OSX uninstall instructions. An actual
> uninstall script will come later.
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
 
iD8DBQFCqSTm6g/idI5v9HcRAr2vAKDGV+M/BFJFseVngf6JftoWckSKnwCglCz4
012csOzWr8yzQiDkAzzIAc0=
=VLhU
-----END PGP SIGNATURE-----