Tor 0.2.0.19-alpha makes more progress towards normalizing Tor's TLS handshake, makes path selection for relays more secure and IP address guessing more robust, and generally fixes a lot of bugs in preparation for calling the 0.2.0 branch stable. https://www.torproject.org/download#Dev Changes in version 0.2.0.19-alpha - 2008-02-09 o Major features: - Do not include recognizeable strings in the commonname part of Tor's x509 certificates. o Major bugfixes: - If we're a relay, avoid picking ourselves as an introduction point, a rendezvous point, or as the final hop for internal circuits. Bug reported by taranis and lodger. Bugfix on 0.1.2.x. - Patch from "Andrew S. Lists" to catch when we contact a directory mirror at IP address X and he says we look like we're coming from IP address X. Bugfix on 0.1.2.x. o Minor features (security): - Be more paranoid about overwriting sensitive memory on free(), as a defensive programming tactic to ensure forward secrecy. o Minor features (directory authority): - Actually validate the options passed to AuthDirReject, AuthDirInvalid, AuthDirBadDir, and AuthDirBadExit. - Reject router descriptors with out-of-range bandwidthcapacity or bandwidthburst values. o Minor features (controller): - Reject controller commands over 1MB in length. This keeps rogue processes from running us out of memory. o Minor features (misc): - Give more descriptive well-formedness errors for out-of-range hidden service descriptor/protocol versions. - Make memory debugging information describe more about history of cell allocation, so we can help reduce our memory use. o Deprecated features (controller): - The status/version/num-versioning and status/version/num-concurring GETINFO options are no longer useful in the v3 directory protocol: treat them as deprecated, and warn when they're used. o Minor bugfixes: - When our consensus networkstatus has been expired for a while, stop being willing to build circuits using it. Fixes bug 401. Bugfix on 0.1.2.x. - Directory caches now fetch certificates from all authorities listed in a networkstatus consensus, even when they do not recognize them. Fixes bug 571. Bugfix on 0.2.0.x. - When connecting to a bridge without specifying its key, insert the connection into the identity-to-connection map as soon as a key is learned. Fixes bug 574. Bugfix on 0.2.0.x. - Detect versions of OS X where malloc_good_size() is present in the library but never actually declared. Resolves bug 587. Bugfix on 0.2.0.x. - Stop incorrectly truncating zlib responses to directory authority signature download requests. Fixes bug 593. Bugfix on 0.2.0.x. - Stop recommending that every server operator send mail to tor-ops. Resolves bug 597. Bugfix on 0.1.2.x. - Don't trigger an assert if we start a directory authority with a private IP address (like 127.0.0.1). - Avoid possible failures when generating a directory with routers with over-long versions strings, or too many flags set. Bugfix on 0.1.2.x. - If an attempt to launch a DNS resolve request over the control port fails because we have overrun the limit on the number of connections, tell the controller that the request has failed. - Avoid using too little bandwidth when our clock skips a few seconds. Bugfix on 0.1.2.x. - Fix shell error when warning about missing packages in configure script, on Fedora or Red Hat machines. Bugfix on 0.2.0.x. - Do not become confused when receiving a spurious VERSIONS-like cell from a confused v1 client. Bugfix on 0.2.0.x. - Re-fetch v2 (as well as v0) rendezvous descriptors when all introduction points for a hidden service have failed. Patch from Karsten Loesing. Bugfix on 0.2.0.x. o Code simplifications and refactoring: - Remove some needless generality from cpuworker code, for improved type-safety. - Stop overloading the circuit_t.onionskin field for both "onionskin from a CREATE cell that we are waiting for a cpuworker to be assigned" and "onionskin from an EXTEND cell that we are going to send to an OR as soon as we are connected". Might help with bug 600. - Add an in-place version of aes_crypt() so that we can avoid doing a needless memcpy() call on each cell payload.
Attachment:
signature.asc
Description: Digital signature