[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Tor is out

Tor is the third release candidate for the 0.2.0 series. It
enables encrypted directory connections by default for non-relays, fixes
some broken TLS behavior we added in, and resolves many
other bugs. The bundles also include Vidalia 0.1.1 and Torbutton 1.1.17:

This is a release candidate! That means that we don't know of any
remaining show-stopping bugs, and this will become the new stable if
there are no problems. Please test it, and tell us about any problems
that you find.


Changes in version - 2008-03-18
  o Major features:
    - Enable encrypted directory connections by default for non-relays,
      so censor tools that block Tor directory connections based on their
      plaintext patterns will no longer work. This means Tor works in
      certain censored countries by default again.

  o Major bugfixes:
    - Make sure servers always request certificates from clients during
      TLS renegotiation. Reported by lodger; bugfix on
    - Do not enter a CPU-eating loop when a connection is closed in
      the middle of client-side TLS renegotiation. Fixes bug 622. Bug
      diagnosed by lodger; bugfix on
    - Fix assertion failure that could occur when a blocked circuit
      became unblocked, and it had pending client DNS requests. Bugfix
      on Fixes bug 632.

  o Minor bugfixes (on 0.1.2.x):
    - Generate "STATUS_SERVER" events rather than misspelled
      "STATUS_SEVER" events. Caught by mwenge.
    - When counting the number of bytes written on a TLS connection,
      look at the BIO actually used for writing to the network, not
      at the BIO used (sometimes) to buffer data for the network.
      Looking at different BIOs could result in write counts on the
      order of ULONG_MAX. Fixes bug 614.
    - On Windows, correctly detect errors when listing the contents of
      a directory. Fix from lodger.

  o Minor bugfixes (on 0.2.0.x):
    - Downgrade "sslv3 alert handshake failure" message to INFO.
    - If we set RelayBandwidthRate and RelayBandwidthBurst very high but
      left BandwidthRate and BandwidthBurst at the default, we would be
      silently limited by those defaults. Now raise them to match the
      RelayBandwidth* values.
    - Fix the SVK version detection logic to work correctly on a branch.
    - Make --enable-openbsd-malloc work correctly on Linux with alpha
      CPUs. Fixes bug 625.
    - Logging functions now check that the passed severity is sane.
    - Use proper log levels in the testsuite call of
    - When using a nonstandard malloc, do not use the platform values for
    - Make the openbsd malloc code use 8k pages on alpha CPUs and
      16k pages on ia64.
    - Detect mismatched page sizes when using --enable-openbsd-malloc.
    - Avoid double-marked-for-close warning when certain kinds of invalid
      .in-addr.arpa addresses are passed to the DNSPort. Part of a fix
      for bug 617. Bugfix on
    - Make sure that the "NULL-means-reject *:*" convention is followed by
      all the policy manipulation functions, avoiding some possible crash
      bugs. Bug found by lodger. Bugfix on
    - Fix the implementation of ClientDNSRejectInternalAddresses so that it
      actually works, and doesn't warn about every single reverse lookup.
      Fixes the other part of bug 617.  Bugfix on

  o Minor features:
    - Only log guard node status when guard node status has changed.
    - Downgrade the 3 most common "INFO" messages to "DEBUG". This will
      make "INFO" 75% less verbose.

Attachment: signature.asc
Description: Digital signature