Tor 0.2.1.9-alpha fixes many more bugs, some of them security-related.
https://www.torproject.org/download.html.en
Changes in version 0.2.1.9-alpha - 2008-12-25
o New directory authorities:
- gabelmoo (the authority run by Karsten Loesing) now has a new
IP address.
o Security fixes:
- Never use a connection with a mismatched address to extend a
circuit, unless that connection is canonical. A canonical
connection is one whose address is authenticated by the router's
identity key, either in a NETINFO cell or in a router descriptor.
- Avoid a possible memory corruption bug when receiving hidden service
descriptors. Bugfix on 0.2.1.6-alpha.
o Major bugfixes:
- Fix a logic error that would automatically reject all but the first
configured DNS server. Bugfix on 0.2.1.5-alpha. Possible fix for
part of bug 813/868. Bug spotted by coderman.
- When a stream at an exit relay is in state "resolving" or
"connecting" and it receives an "end" relay cell, the exit relay
would silently ignore the end cell and not close the stream. If
the client never closes the circuit, then the exit relay never
closes the TCP connection. Bug introduced in 0.1.2.1-alpha;
reported by "wood".
- When we can't initialize DNS because the network is down, do not
automatically stop Tor from starting. Instead, retry failed
dns_inits() every 10 minutes, and change the exit policy to reject
*:* until one succeeds. Fixes bug 691.
o Minor features:
- Give a better error message when an overzealous init script says
"sudo -u username tor --user username". Makes Bug 882 easier for
users to diagnose.
- When a directory authority gives us a new guess for our IP address,
log which authority we used. Hopefully this will help us debug
the recent complaints about bad IP address guesses.
- Detect svn revision properly when we're using git-svn.
- Try not to open more than one descriptor-downloading connection
to an authority at once. This should reduce load on directory
authorities. Fixes bug 366.
- Add cross-certification to newly generated certificates, so that
a signing key is enough information to look up a certificate.
Partial implementation of proposal 157.
- Start serving certificates by <identity digest, signing key digest>
pairs. Partial implementation of proposal 157.
- Clients now never report any stream end reason except 'MISC'.
Implements proposal 148.
- On platforms with a maximum syslog string length, truncate syslog
messages to that length ourselves, rather than relying on the
system to do it for us.
- Optimize out calls to time(NULL) that occur for every IO operation,
or for every cell. On systems where time() is a slow syscall,
this fix will be slightly helpful.
- Exit servers can now answer resolve requests for ip6.arpa addresses.
- When we download a descriptor that we then immediately (as
a directory authority) reject, do not retry downloading it right
away. Should save some bandwidth on authorities. Fix for bug
888. Patch by Sebastian Hahn.
- When a download gets us zero good descriptors, do not notify
Tor that new directory information has arrived.
- Avoid some nasty corner cases in the logic for marking connections
as too old or obsolete or noncanonical for circuits.
o Minor features (controller):
- New CONSENSUS_ARRIVED event to note when a new consensus has
been fetched and validated.
- When we realize that another process has modified our cached
descriptors file, print out a more useful error message rather
than triggering an assertion. Fixes bug 885. Patch from Karsten.
- Add an internal-use-only __ReloadTorrcOnSIGHUP option for
controllers to prevent SIGHUP from reloading the
configuration. Fixes bug 856.
o Minor bugfixes:
- Resume using the correct "REASON=" stream when telling the
controller why we closed a stream. Bugfix in 0.2.1.1-alpha.
- When a canonical connection appears later in our internal list
than a noncanonical one for a given OR ID, always use the
canonical one. Bugfix on 0.2.0.12-alpha. Fixes bug 805.
Spotted by rovv.
- Clip the MaxCircuitDirtiness config option to a minimum of 10
seconds. Warn the user if lower values are given in the
configuration. Bugfix on 0.1.0.1-rc. Patch by Sebastian.
- Clip the CircuitBuildTimeout to a minimum of 30 seconds. Warn the
user if lower values are given in the configuration. Bugfix on
0.1.1.17-rc. Patch by Sebastian.
- Fix a race condition when freeing keys shared between main thread
and CPU workers that could result in a memory leak. Bugfix on
0.1.0.1-rc. Fixes bug 889.
o Minor bugfixes (hidden services):
- Do not throw away existing introduction points on SIGHUP (bugfix on
0.0.6pre1); also, do not stall hidden services because we're
throwing away introduction points; bugfix on 0.2.1.7-alpha. Spotted
by John Brooks. Patch by Karsten. Fixes bug 874.
- Fix a memory leak when we decline to add a v2 rendezvous
descriptor to the cache because we already had a v0 descriptor
with the same ID. Bugfix on 0.2.0.18-alpha.
o Deprecated and removed features:
- RedirectExits has been removed. It was deprecated since
0.2.0.3-alpha.
- Finally remove deprecated "EXTENDED_FORMAT" controller feature. It
has been called EXTENDED_EVENTS since 0.1.2.4-alpha.
- Cell pools are now always enabled; --disable-cell-pools is ignored.
o Code simplifications and refactoring:
- Rename the confusing or_is_obsolete field to the more appropriate
is_bad_for_new_circs, and move it to or_connection_t where it
belongs.
- Move edge-only flags from connection_t to edge_connection_t: not
only is this better coding, but on machines of plausible alignment,
it should save 4-8 bytes per connection_t. "Every little bit helps."
- Rename ServerDNSAllowBrokenResolvConf to ServerDNSAllowBrokenConfig
for consistency; keep old option working for backward compatibility.
- Simplify the code for finding connections to use for a circuit.
Attachment:
signature.asc
Description: Digital signature