Tor 0.2.1.11-alpha released

by phobos | January 22, 2009

Tor 0.2.1.11-alpha finishes fixing the "if your Tor is off for a week it
will take a long time to bootstrap again" bug. It also fixes an important
security-related bug reported by Ilja van Sprundel. You should upgrade.
(We'll send out more details about the bug once people have had some
time to upgrade.)

https://www.torproject.org/download.html.en

Changes in version 0.2.1.11-alpha - 2009-01-20
Security fixes:

  • Fix a heap-corruption bug that may be remotely triggerable on
    some platforms. Reported by Ilja van Sprundel.

Major bugfixes:

  • Discard router descriptors as we load them if they are more than
    five days old. Otherwise if Tor is off for a long time and then
    starts with cached descriptors, it will try to use the onion
    keys in those obsolete descriptors when building circuits. Bugfix
    on 0.2.0.x. Fixes bug 887.

Minor features:

  • Try to make sure that the version of Libevent we're running with
    is binary-compatible with the one we built with. May address bug
    897 and others.
  • Make setting ServerDNSRandomizeCase to 0 actually work. Bugfix
    for bug 905. Bugfix on 0.2.1.7-alpha.
  • Add a new --enable-local-appdata configuration switch to change
    the default location of the datadir on win32 from APPDATA to
    LOCAL_APPDATA. In the future, we should migrate to LOCAL_APPDATA
    entirely. Patch from coderman.

Minor bugfixes:

  • Make outbound DNS packets respect the OutboundBindAddress setting.
    Fixes the bug part of bug 798. Bugfix on 0.1.2.2-alpha.
  • When our circuit fails at the first hop (e.g. we get a destroy
    cell back), avoid using that OR connection anymore, and also
    tell all the one-hop directory requests waiting for it that they
    should fail. Bugfix on 0.2.1.3-alpha.
  • In the torify(1) manpage, mention that tsocks will leak your
    DNS requests.

Original announcement can be found at http://archives.seul.org/or/talk/Jan-2009/msg00171.html

Comments

Please note that the comment area below has been archived.

@TOR developers

Please wait for publishing of security-related bug information until BSD users are able to upgrade their system. Keep in mind that the BSD ports collection sometimes will be updated with a delay. This means that the time a tor server operator decides to update his system has to be added to the delayed time the new tor version is really available in the BSD ports collection tree.

Tnx
RMcC

Can you give us some hint about when you think BSD users will be in better shape? We're currently planning to wait a few weeks, but we weren't planning to wait a few months. Is that too short?

(I need to go bug the Ubuntu people to stop shipping Tor 0.1.2.x and move
to 0.2.0.x, so that's another stumbling block that's holdiing us up.)

January 24, 2009

Permalink

Warning message in TBB Controler used oboselete addr-mappings/GETINFO Key; use-address-mappings/instead. Please fix it.

This is a problem with Vidalia. It will be fixed in the next release of Vidalia.

January 26, 2009

Permalink

when will be the next release?After releasing it willl be posted here. Please answer.

Vidalia is still very much under active development. I don't know the release schedule at this time. For now, just ignore that message.