[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor is out

Tor fixes a variety of potential remote crash
vulnerabilities, makes socks5 username/password circuit isolation
actually actually work (this time for sure!), and cleans up a bunch
of other issues in preparation for a release candidate.


Changes in version - 2013-06-14
  o Major bugfixes (robustness):
    - Close any circuit that has too many cells queued on it. Fixes
      bug 9063; bugfix on the 54th commit of Tor. This bug is a further
      fix beyond bug 6252, whose fix was merged into
    - Prevent the get_freelists() function from running off the end of
      the list of freelists if it somehow gets an unrecognized
      allocation. Fixes bug 8844; bugfix on Reported by
    - Avoid an assertion failure on OpenBSD (and perhaps other BSDs)
      when an exit connection with optimistic data succeeds immediately
      rather than returning EINPROGRESS. Fixes bug 9017; bugfix on
    - Fix a directory authority crash bug when building a consensus
      using an older consensus as its basis. Fixes bug 8833. Bugfix

  o Major bugfixes:
    - Avoid a memory leak where we would leak a consensus body when we
      find that a consensus which we couldn't previously verify due to
      missing certificates is now verifiable. Fixes bug 8719; bugfix
    - We used to always request authority certificates by identity digest,
      meaning we'd get the newest one even when we wanted one with a
      different signing key. Then we would complain about being given
      a certificate we already had, and never get the one we really
      wanted. Now we use the "fp-sk/" resource as well as the "fp/"
      resource to request the one we want. Fixes bug 5595; bugfix on
    - Follow the socks5 protocol when offering username/password
      authentication. The fix for bug 8117 exposed this bug, and it
      turns out real-world applications like Pidgin do care. Bugfix on; fixes bug 8879.
    - Prevent failures on Windows Vista and later when rebuilding the
      microdescriptor cache. Diagnosed by Robert Ransom. Fixes bug 8822;
      bugfix on

  o Minor bugfixes:
    - Fix an impossible buffer overrun in the AES unit tests. Fixes
      bug 8845; bugfix on Found by eugenis.
    - If for some reason we fail to write a microdescriptor while
      rebuilding the cache, do not let the annotations from that
      microdescriptor linger in the cache file, and do not let the
      microdescriptor stay recorded as present in its old location.
      Fixes bug 9047; bugfix on
    - Fix a memory leak that would occur whenever a configuration
      option changed. Fixes bug 8718; bugfix on
    - Paste the description for PathBias parameters from the man
      page into or.h, so the code documents them too. Fixes bug 7982;
      bugfix on and
    - Relays now treat a changed IPv6 ORPort as sufficient reason to
      publish an updated descriptor. Fixes bug 6026; bugfix on
     - When launching a resolve request on behalf of an AF_UNIX control
       socket, omit the address field of the new entry connection, used in
       subsequent controller events, rather than letting tor_dup_addr()
       set it to "<unknown address type>". Fixes bug 8639; bugfix on

  o Minor bugfixes (log messages):
    - Fix a scaling issue in the path bias accounting code that
      resulted in "Bug:" log messages from either
      pathbias_scale_close_rates() or pathbias_count_build_success().
      This represents a bugfix on a previous bugfix: the original fix
      attempted in was incomplete. Fixes bug 8235; bugfix
    - Give a less useless error message when the user asks for an IPv4
      address on an IPv6-only port, or vice versa. Fixes bug 8846; bugfix

  o Minor features:
    - Downgrade "unexpected SENDME" warnings to protocol-warn for 0.2.4.x,
      to tolerate bug 8093 for now.
    - Add an "ignoring-advertised-bws" boolean to the flag-threshold lines
      in directory authority votes to describe whether they have enough
      measured bandwidths to ignore advertised (relay descriptor)
      bandwidth claims. Resolves ticket 8711.
    - Update to the June 5 2013 Maxmind GeoLite Country database.

  o Removed documentation:
    - Remove some of the older contents of doc/ as obsolete; move others
      to torspec.git. Fixes bug 8965.

  o Code simplification and refactoring:
    - Avoid using character buffers when constructing most directory
      objects: this approach was unwieldy and error-prone. Instead,
      build smartlists of strings, and concatenate them when done.

Attachment: signature.asc
Description: Digital signature

tor-talk mailing list