On Sun, Jan 30, 2011 at 10:30 AM, Roger Dingledine
<arma@xxxxxxx> wrote:
Tor 0.2.2.22-alpha fixes a few more less-critical security issues. The
main other change is a slight tweak to Tor's TLS handshake that makes
relays and bridges that run this new version reachable from Iran again.
We don't expect this tweak will win the arms race long-term, but it will
buy us a bit more time until we roll out a better solution.
Anybody running a relay or bridge who wants it to work for Iran should
upgrade.
https://www.torproject.org/download/download
Changes in version 0.2.2.22-alpha - 2011-01-25
Âo Major bugfixes:
 Â- Fix a bounds-checking error that could allow an attacker to
  Âremotely crash a directory authority. Bugfix on 0.2.1.5-alpha.
  ÂFound by "piebeer".
 Â- Don't assert when changing from bridge to relay or vice versa
  Âvia the controller. The assert happened because we didn't properly
  Âinitialize our keys in this case. Bugfix on 0.2.2.18-alpha; fixes
  Âbug 2433. Reported by bastik.
Âo Minor features:
 Â- Adjust our TLS Diffie-Hellman parameters to match those used by
  ÂApache's mod_ssl.
 Â- Provide a log message stating which geoip file we're parsing
  Âinstead of just stating that we're parsing the geoip file.
  ÂImplements ticket 2432.
Âo Minor bugfixes:
 Â- Check for and reject overly long directory certificates and
  Âdirectory tokens before they have a chance to hit any assertions.
  ÂBugfix on 0.2.1.28 / 0.2.2.20-alpha. Found by "doorss".
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNRQyK61qJaiiYi/URArD2AJ4oV2y8AkwauDI1in80SFKZH1bw9ACgpVrO
RWQbSEo2twF6eMgbvsB6XNg=
=RRxg
-----END PGP SIGNATURE-----