[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Tor is out

Tor finishes fixing the "if your Tor is off for a week it
will take a long time to bootstrap again" bug. It also fixes an important
security-related bug reported by Ilja van Sprundel. You should upgrade.
(We'll send out more details about the bug once people have had some
time to upgrade.)


Changes in version - 2009-01-20
  o Security fixes:
    - Fix a heap-corruption bug that may be remotely triggerable on
      some platforms. Reported by Ilja van Sprundel.

  o Major bugfixes:
    - Discard router descriptors as we load them if they are more than
      five days old. Otherwise if Tor is off for a long time and then
      starts with cached descriptors, it will try to use the onion
      keys in those obsolete descriptors when building circuits. Bugfix
      on 0.2.0.x. Fixes bug 887.

  o Minor features:
    - Try to make sure that the version of Libevent we're running with
      is binary-compatible with the one we built with. May address bug
      897 and others.
    - Make setting ServerDNSRandomizeCase to 0 actually work. Bugfix
      for bug 905. Bugfix on
    - Add a new --enable-local-appdata configuration switch to change
      the default location of the datadir on win32 from APPDATA to
      LOCAL_APPDATA. In the future, we should migrate to LOCAL_APPDATA
      entirely. Patch from coderman.

  o Minor bugfixes:
    - Make outbound DNS packets respect the OutboundBindAddress setting.
      Fixes the bug part of bug 798. Bugfix on
    - When our circuit fails at the first hop (e.g. we get a destroy
      cell back), avoid using that OR connection anymore, and also
      tell all the one-hop directory requests waiting for it that they
      should fail. Bugfix on
    - In the torify(1) manpage, mention that tsocks will leak your
      DNS requests.

Attachment: signature.asc
Description: Digital signature