Tor 0.2.1.9-alpha fixes many more bugs, some of them security-related. https://www.torproject.org/download.html.en Changes in version 0.2.1.9-alpha - 2008-12-25 o New directory authorities: - gabelmoo (the authority run by Karsten Loesing) now has a new IP address. o Security fixes: - Never use a connection with a mismatched address to extend a circuit, unless that connection is canonical. A canonical connection is one whose address is authenticated by the router's identity key, either in a NETINFO cell or in a router descriptor. - Avoid a possible memory corruption bug when receiving hidden service descriptors. Bugfix on 0.2.1.6-alpha. o Major bugfixes: - Fix a logic error that would automatically reject all but the first configured DNS server. Bugfix on 0.2.1.5-alpha. Possible fix for part of bug 813/868. Bug spotted by coderman. - When a stream at an exit relay is in state "resolving" or "connecting" and it receives an "end" relay cell, the exit relay would silently ignore the end cell and not close the stream. If the client never closes the circuit, then the exit relay never closes the TCP connection. Bug introduced in 0.1.2.1-alpha; reported by "wood". - When we can't initialize DNS because the network is down, do not automatically stop Tor from starting. Instead, retry failed dns_inits() every 10 minutes, and change the exit policy to reject *:* until one succeeds. Fixes bug 691. o Minor features: - Give a better error message when an overzealous init script says "sudo -u username tor --user username". Makes Bug 882 easier for users to diagnose. - When a directory authority gives us a new guess for our IP address, log which authority we used. Hopefully this will help us debug the recent complaints about bad IP address guesses. - Detect svn revision properly when we're using git-svn. - Try not to open more than one descriptor-downloading connection to an authority at once. This should reduce load on directory authorities. Fixes bug 366. - Add cross-certification to newly generated certificates, so that a signing key is enough information to look up a certificate. Partial implementation of proposal 157. - Start serving certificates by <identity digest, signing key digest> pairs. Partial implementation of proposal 157. - Clients now never report any stream end reason except 'MISC'. Implements proposal 148. - On platforms with a maximum syslog string length, truncate syslog messages to that length ourselves, rather than relying on the system to do it for us. - Optimize out calls to time(NULL) that occur for every IO operation, or for every cell. On systems where time() is a slow syscall, this fix will be slightly helpful. - Exit servers can now answer resolve requests for ip6.arpa addresses. - When we download a descriptor that we then immediately (as a directory authority) reject, do not retry downloading it right away. Should save some bandwidth on authorities. Fix for bug 888. Patch by Sebastian Hahn. - When a download gets us zero good descriptors, do not notify Tor that new directory information has arrived. - Avoid some nasty corner cases in the logic for marking connections as too old or obsolete or noncanonical for circuits. o Minor features (controller): - New CONSENSUS_ARRIVED event to note when a new consensus has been fetched and validated. - When we realize that another process has modified our cached descriptors file, print out a more useful error message rather than triggering an assertion. Fixes bug 885. Patch from Karsten. - Add an internal-use-only __ReloadTorrcOnSIGHUP option for controllers to prevent SIGHUP from reloading the configuration. Fixes bug 856. o Minor bugfixes: - Resume using the correct "REASON=" stream when telling the controller why we closed a stream. Bugfix in 0.2.1.1-alpha. - When a canonical connection appears later in our internal list than a noncanonical one for a given OR ID, always use the canonical one. Bugfix on 0.2.0.12-alpha. Fixes bug 805. Spotted by rovv. - Clip the MaxCircuitDirtiness config option to a minimum of 10 seconds. Warn the user if lower values are given in the configuration. Bugfix on 0.1.0.1-rc. Patch by Sebastian. - Clip the CircuitBuildTimeout to a minimum of 30 seconds. Warn the user if lower values are given in the configuration. Bugfix on 0.1.1.17-rc. Patch by Sebastian. - Fix a race condition when freeing keys shared between main thread and CPU workers that could result in a memory leak. Bugfix on 0.1.0.1-rc. Fixes bug 889. o Minor bugfixes (hidden services): - Do not throw away existing introduction points on SIGHUP (bugfix on 0.0.6pre1); also, do not stall hidden services because we're throwing away introduction points; bugfix on 0.2.1.7-alpha. Spotted by John Brooks. Patch by Karsten. Fixes bug 874. - Fix a memory leak when we decline to add a v2 rendezvous descriptor to the cache because we already had a v0 descriptor with the same ID. Bugfix on 0.2.0.18-alpha. o Deprecated and removed features: - RedirectExits has been removed. It was deprecated since 0.2.0.3-alpha. - Finally remove deprecated "EXTENDED_FORMAT" controller feature. It has been called EXTENDED_EVENTS since 0.1.2.4-alpha. - Cell pools are now always enabled; --disable-cell-pools is ignored. o Code simplifications and refactoring: - Rename the confusing or_is_obsolete field to the more appropriate is_bad_for_new_circs, and move it to or_connection_t where it belongs. - Move edge-only flags from connection_t to edge_connection_t: not only is this better coding, but on machines of plausible alignment, it should save 4-8 bytes per connection_t. "Every little bit helps." - Rename ServerDNSAllowBrokenResolvConf to ServerDNSAllowBrokenConfig for consistency; keep old option working for backward compatibility. - Simplify the code for finding connections to use for a circuit.
Description: Digital signature