[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Tor is out

This is the first release candidate for the 0.1.1.x series.

It fixes a major bootstrapping bug for clients and adds some more
security improvements. We're fixing a few known bugs, and if you
find others please let us know.


Changes in version - 2006-03-11
  o Bugfixes and cleanups:
    - When we're printing strings from the network, don't try to print
      non-printable characters. This protects us against shell escape
      sequence exploits, and also against attacks to fool humans into
      misreading their logs.
    - Fix a bug where Tor would fail to establish any connections if you
      left it off for 24 hours and then started it: we were happy with
      the obsolete network statuses, but they all referred to router
      descriptors that were too old to fetch, so we ended up with no
      valid router descriptors.
    - Fix a seg fault in the controller's "getinfo orconn-status"
      command while listing status on incoming handshaking connections.
      Introduce a status name "NEW" for these connections.
    - If we get a linelist or linelist_s config option from the torrc
      (e.g. ExitPolicy) and it has no value, warn and skip rather than
      silently resetting it to its default.
    - Don't abandon entry guards until they've been down or gone for
      a whole month.
    - Cleaner and quieter log messages.

  o New features:
    - New controller signal NEWNYM that makes new application requests
      use clean circuits.
    - Add a new circuit purpose 'controller' to let the controller ask
      for a circuit that Tor won't try to use. Extend the EXTENDCIRCUIT
      controller command to let you specify the purpose if you're
      starting a new circuit.  Add a new SETCIRCUITPURPOSE controller
      command to let you change a circuit's purpose after it's been
    - Accept "private:*" in routerdesc exit policies; not generated yet
      because older Tors do not understand it.
    - Add BSD-style contributed startup script "rc.subr" from Peter