Tor 0.2.3.14-alpha fixes yet more bugs to get us closer to a release candidate. It also dramatically speeds up AES: fast relays should consider switching to the newer OpenSSL library. https://www.torproject.org/download/download (Packages coming eventually.) Changes in version 0.2.3.14-alpha - 2012-04-23 o Directory authority changes: - Change IP address for ides (v3 directory authority), and rename it to turtles. o Major bugfixes: - Avoid logging uninitialized data when unable to decode a hidden service descriptor cookie. Fixes bug 5647; bugfix on 0.2.1.5-alpha. - Avoid a client-side assertion failure when receiving an INTRODUCE2 cell on a general purpose circuit. Fixes bug 5644; bugfix on 0.2.1.6-alpha. - If authorities are unable to get a v2 consensus document from other directory authorities, they no longer fall back to fetching them from regular directory caches. Fixes bug 5635; bugfix on 0.2.2.26-beta, where routers stopped downloading v2 consensus documents entirely. - When we start a Tor client with a normal consensus already cached, be willing to download a microdescriptor consensus. Fixes bug 4011; fix on 0.2.3.1-alpha. o Major features (performance): - When built to use OpenSSL 1.0.1, and built for an x86 or x86_64 instruction set, take advantage of OpenSSL's AESNI, bitsliced, or vectorized AES implementations as appropriate. These can be much, much faster than other AES implementations. o Minor bugfixes (0.2.2.x and earlier): - Don't launch more than 10 service-side introduction-point circuits for a hidden service in five minutes. Previously, we would consider launching more introduction-point circuits if at least one second had passed without any introduction-point circuits failing. Fixes bug 4607; bugfix on 0.0.7pre1. - Change the BridgePassword feature (part of the "bridge community" design, which is not yet implemented) to use a time-independent comparison. The old behavior might have allowed an adversary to use timing to guess the BridgePassword value. Fixes bug 5543; bugfix on 0.2.0.14-alpha. - Enforce correct return behavior of tor_vsscanf() when the '%%' pattern is used. Fixes bug 5558. Bugfix on 0.2.1.13. - When sending an HTTP/1.1 proxy request, include a Host header. Fixes bug 5593; bugfix on 0.2.2.1-alpha. - Don't log that we have "decided to publish new relay descriptor" unless we are actually publishing a descriptor. Fixes bug 3942; bugfix on 0.2.2.28-beta. o Minor bugfixes (0.2.3.x): - Fix a bug where a bridge authority crashes (on a failed assert) if it has seen no directory requests when it's time to write statistics to disk. Fixes bug 5508. Bugfix on 0.2.3.6-alpha. - Fix bug stomping on ORPort option NoListen and ignoring option NoAdvertise. Fixes bug 5151; bugfix on 0.2.3.9-alpha. - In the testsuite, provide a large enough buffer in the tor_sscanf unit test. Otherwise we'd overrun that buffer and crash during the unit tests. Found by weasel. Fixes bug 5449; bugfix on 0.2.3.12-alpha. - Make sure we create the keys directory if it doesn't exist and we're about to store the dynamic Diffie-Hellman parameters. Fixes bug 5572; bugfix on 0.2.3.13-alpha. - Fix a small memory leak when trying to decode incorrect base16 authenticator during SAFECOOKIE authentication. Found by Coverity Scan. Fixes CID 507. Bugfix on 0.2.3.13-alpha. o Minor features: - Add more information to a log statement that might help track down bug 4091. If you're seeing "Bug: tor_addr_is_internal() called with a non-IP address" messages (or any Bug messages, for that matter!), please let us know about it. - Relays now understand an IPv6 address when they get one from a directory server. Resolves ticket 4875. - Resolve IPv6 addresses in bridge and entry statistics to country code "??" which means we at least count them. Resolves ticket 5053; improves on 0.2.3.9-alpha. - Update to the April 3 2012 Maxmind GeoLite Country database. - Begin a doc/state-contents.txt file to explain the contents of the Tor state file. Fixes bug 2987. o Default torrc changes: - Stop listing "socksport 9050" in torrc.sample. We open a socks port on 9050 by default anyway, so this should not change anything in practice. - Stop mentioning the deprecated *ListenAddress options in torrc.sample. Fixes bug 5438. - Document unit of bandwidth related options in sample torrc. Fixes bug 5621. o Removed features: - The "torify" script no longer supports the "tsocks" socksifier tool, since tsocks doesn't support DNS and UDP right for Tor. Everyone should be using torsocks instead. Fixes bugs 3530 and 5180. Based on a patch by "ugh". o Code refactoring: - Change the symmetric cipher interface so that creating and initializing a stream cipher are no longer separate functions. - Remove all internal support for unpadded RSA. We never used it, and it would be a bad idea to start.
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk