[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor 0.2.3.20-rc is out

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor 0.2.3.20-rc is out
From: Geoff Down <geoffdown@xxxxxxxxxxxx>
Date: Wed, 08 Aug 2012 00:43:27 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 07 Aug 2012 19:50:42 -0400
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=fastmail.net; h= message-id:from:to:mime-version:content-transfer-encoding :content-type:in-reply-to:references:subject:date; s=mesmtp; bh= tD/kZgZUUL919sR6uG3VdGhx+pY=; b=jHyMHEXBGIoFOCWiWSGXq6TuUQ5Jt33N vt1JBq2zlAxHeCEQB8HvJdIBbfPgPPY5/o2ljsMPB4lYanDnFn7rthckY3P6/XWD NS9An185XCOUAM8bOl7phN3sziYm75PyubexXZLsXsZZLgbxJE3sBPxJQ4hX7tLw VeUPRQFGxsg=
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:from:to:mime-version :content-transfer-encoding:content-type:in-reply-to:references :subject:date; s=smtpout; bh=tD/kZgZUUL919sR6uG3VdGhx+pY=; b=hCZ CyJBJEmBuMMCUgq2UxszemxYm7PZOv6ajwuMomF3sEkeaQ3eDa0f57RSYbvbb1/3 sV3YemvpSs8HXh9ZJUeTte3Tz1A8U/Ecv/ziUcFAUqtJaIM3y4VFhxf2HImYZG7w d8KkGp/cni91bJbD/E3E7JvGdRiOdV1bKMb3KKMU=
In-reply-to: <20120807215157.GR5880@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20120807215157.GR5880@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

This version of Tor (0.2.3.20-rc) is newer than any recommended version,
according to the directory authorities.

On Tue, Aug 7, 2012, at 10:51 PM, Roger Dingledine wrote:
> Tor 0.2.3.20-rc is the third release candidate for the Tor 0.2.3.x
> series. It fixes a pair of code security bugs and a potential anonymity
> issue, updates our RPM spec files, and cleans up other smaller issues.
> 
> https://www.torproject.org/download/download
> 
> (Packages coming eventually.)
> 
> Changes in version 0.2.3.20-rc - 2012-08-05
>   o Security fixes:
>     - Avoid read-from-freed-memory and double-free bugs that could occur
>       when a DNS request fails while launching it. Fixes bug 6480;
>       bugfix on 0.2.0.1-alpha.
>     - Avoid an uninitialized memory read when reading a vote or consensus
>       document that has an unrecognized flavor name. This read could
>       lead to a remote crash bug. Fixes bug 6530; bugfix on
>       0.2.2.6-alpha.
>     - Try to leak less information about what relays a client is
>       choosing to a side-channel attacker. Previously, a Tor client would
>       stop iterating through the list of available relays as soon as it
>       had chosen one, thus finishing a little earlier when it picked
>       a router earlier in the list. If an attacker can recover this
>       timing information (nontrivial but not proven to be impossible),
>       they could learn some coarse-grained information about which relays
>       a client was picking (middle nodes in particular are likelier to
>       be affected than exits). The timing attack might be mitigated by
>       other factors (see bug 6537 for some discussion), but it's best
>       not to take chances. Fixes bug 6537; bugfix on 0.0.8rc1.
> 
>   o Minor features:
>     - Try to make the warning when giving an obsolete SOCKSListenAddress
>       a little more useful.
>     - Terminate active server managed proxies if Tor stops being a
>       relay. Addresses parts of bug 6274; bugfix on 0.2.3.6-alpha.
>     - Provide a better error message about possible OSX Asciidoc failure
>       reasons. Fixes bug 6436.
>     - Warn when Tor is configured to use accounting in a way that can
>       link a hidden service to some other hidden service or public
>       address. Resolves ticket 6490.
> 
>   o Minor bugfixes:
>     - Check return value of fputs() when writing authority certificate
>       file. Fixes Coverity issue 709056; bugfix on 0.2.0.1-alpha.
>     - Ignore ServerTransportPlugin lines when Tor is not configured as
>       a relay. Fixes bug 6274; bugfix on 0.2.3.6-alpha.
>     - When disabling guards for having too high a proportion of failed
>       circuits, make sure to look at each guard. Fixes bug 6397; bugfix
>       on 0.2.3.17-beta.
> 
>   o Packaging (RPM):
>     - Update our default RPM spec files to work with mock and rpmbuild
>       on RHEL/Fedora. They have an updated set of dependencies and
>       conflicts, a fix for an ancient typo when creating the "_tor"
>       user, and better instructions. Thanks to Ondrej Mikle for the
>       patch series. Fixes bug 6043.
> 
>   o Testing:
>     - Make it possible to set the TestingTorNetwork configuration
>       option using AlternateDirAuthority and AlternateBridgeAuthority
>       as an alternative to setting DirServer. Addresses ticket 6377.
> 
>   o Documentation:
>     - Clarify the documentation for the Alternate*Authority options.
>       Fixes bug 6387.
>     - Fix some typos in the manpages. Patch from A. Costa. Fixes bug
>     6500.
> 
>   o Code simplification and refactoring:
>     - Do not use SMARTLIST_FOREACH for any loop whose body exceeds
>       10 lines. Also, don't nest them. Doing so in the past has
>       led to hard-to-debug code. The new style is to use the
>       SMARTLIST_FOREACH_{BEGIN,END} pair. Addresses issue 6400.
> 
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> Email had 1 attachment:
> + signature.asc
>   1k (application/pgp-signature)

-- 
http://www.fastmail.fm - IMAP accessible web-mail

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Tor 0.2.3.20-rc is out
  - From: Roger Dingledine

Prev by Author: Re: [tor-talk] Orweb & orbot
Next by Author: Re: [tor-talk] please suggest a new project name for Anonymous Operating System
Previous by thread: [tor-talk] Tor 0.2.3.20-rc is out
Next by thread: [tor-talk] Tor as ecommerce platform
Index(es):
- Author
- Thread