[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor is out

Hash: SHA1
Well, I've just downloaded and installed "" forWin32.
"Looks like it's working" !

 I have not had any problems as far as Tor crashing or anything like
that. If there is a security hole or flaw somewhere in the design or
code- that would be something I as an ordinary user, would be unlikely
to catch (until to late!)

P.S. I managed to identify and successfully import the package signing
key but only after looking all over the download page (and all over
the Tor site) with no luck, for awhile. A link to the key (and maybe,
a simple 'how to" on checking sigs) might be useful to new users.

- -A Newbie



> Roger Dingledine wrote:
> This is the ninth release candidate for the 0.1.0.x series. This
> release fixes some memory bloating, disables threads on Solaris,
> and includes some important security fixes for Win32.
> This is the one, I can feel it! (We have one bug left, which is
> some weird behavior with FreeBSD and libevent 1.1. Let us know if
> you're experiencing these crashes too.)
> http://tor.eff.org/download.html
> o Bugfixes: - Reset buf->highwater every time buf_shrink() is
> called, not just on a successful shrink. This was causing
> significant memory bloat. - Fix buffer overflow when checking
> hashed passwords. - Security fix: if seeding the RNG on Win32
> fails, quit. - Allow seeding the RNG on Win32 even when you're not
> running as Administrator. - Disable threading on Solaris too.
> Something is wonky with it, cpuworkers, and reentrant libs. -
> Reenable the part of the code that tries to flush as soon as an OR
> outbuf has a full TLS record available. Perhaps this will make OR
> outbufs not grow as huge except in rare cases, thus saving lots of
> CPU time plus memory. - Reject malformed .onion addresses rather
> then passing them on as normal web requests. - Adapt patch from
> Adam Langley: fix possible memory leak in tor_lookup_hostname(). -
> Initialize libevent later in the startup process, so the logs are
> already established by the time we start logging libevent warns. -
> Use correct errno on win32 if libevent fails. - Check and warn
> about known-bad/slow libevent versions. - Pay more attention to the
> ClientOnly config option. - Have torctl.in/tor.sh.in check for
> location of su binary (needed on FreeBSD) - Correct/add man page
> entries for LongLivedPorts, ExitPolicy, KeepalivePeriod,
> ClientOnly, NoPublish, HttpProxy, HttpsProxy,
> HttpProxyAuthenticator - Stop warning about sigpipes in the logs.
> We're going to pretend that getting these occassionally is normal
> and fine. - Resolve OS X installer bugs: stop claiming to be
> in certain installer screens; and don't put stuff into
> StartupItems unless the user asks you to. - Require servers that
> use the default dirservers to have public IP addresses. We have too
> many servers that are configured with private IPs and their admins
> never notice the log entries complaining that their descriptors are
> being rejected. - Add OSX uninstall instructions. An actual
> uninstall script will come later.

Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org