Tor 0.2.1.11-alpha released
Tor 0.2.1.11-alpha finishes fixing the "if your Tor is off for a week it
will take a long time to bootstrap again" bug. It also fixes an important
security-related bug reported by Ilja van Sprundel. You should upgrade.
(We'll send out more details about the bug once people have had some
time to upgrade.)
https://www.torproject.org/download.html.en
Changes in version 0.2.1.11-alpha - 2009-01-20
Security fixes:
- Fix a heap-corruption bug that may be remotely triggerable on
some platforms. Reported by Ilja van Sprundel.
Major bugfixes:
- Discard router descriptors as we load them if they are more than
five days old. Otherwise if Tor is off for a long time and then
starts with cached descriptors, it will try to use the onion
keys in those obsolete descriptors when building circuits. Bugfix
on 0.2.0.x. Fixes bug 887.
Minor features:
- Try to make sure that the version of Libevent we're running with
is binary-compatible with the one we built with. May address bug
897 and others. - Make setting ServerDNSRandomizeCase to 0 actually work. Bugfix
for bug 905. Bugfix on 0.2.1.7-alpha. - Add a new --enable-local-appdata configuration switch to change
the default location of the datadir on win32 from APPDATA to
LOCAL_APPDATA. In the future, we should migrate to LOCAL_APPDATA
entirely. Patch from coderman.
Minor bugfixes:
- Make outbound DNS packets respect the OutboundBindAddress setting.
Fixes the bug part of bug 798. Bugfix on 0.1.2.2-alpha. - When our circuit fails at the first hop (e.g. we get a destroy
cell back), avoid using that OR connection anymore, and also
tell all the one-hop directory requests waiting for it that they
should fail. Bugfix on 0.2.1.3-alpha. - In the torify(1) manpage, mention that tsocks will leak your
DNS requests.
Original announcement can be found at http://archives.seul.org/or/talk/Jan-2009/msg00171.html
Comments
Please note that the comment area below has been archived.
RE: Tor 0.2.1.11-alpha released
@TOR developers
Please wait for publishing of security-related bug information until BSD users are able to upgrade their system. Keep in mind that the BSD ports collection sometimes will be updated with a delay. This means that the time a tor server operator decides to update his system has to be added to the delayed time the new tor version is really available in the BSD ports collection tree.
Tnx
RMcC
We're waiting.
Yes, we're waiting to disclose the details in order to give users and node operators time to upgrade.
Re: delaying security advisory so BSD can upgrade
Can you give us some hint about when you think BSD users will be in better shape? We're currently planning to wait a few weeks, but we weren't planning to wait a few months. Is that too short?
(I need to go bug the Ubuntu people to stop shipping Tor 0.1.2.x and move
to 0.2.0.x, so that's another stumbling block that's holdiing us up.)
Warning message in TBB
Warning message in TBB Controler used oboselete addr-mappings/GETINFO Key; use-address-mappings/instead. Please fix it.
Yes.
This is a problem with Vidalia. It will be fixed in the next release of Vidalia.
Thanx 4 ur reply phobos!
Thanx 4 ur reply phobos!
when will be the next
when will be the next release?After releasing it willl be posted here. Please answer.
Unknown
Vidalia is still very much under active development. I don't know the release schedule at this time. For now, just ignore that message.
k phobos thanx 4 answering
k phobos thanx 4 answering my questions. Looking forward 2 c more.
Tor BSD update ... ... *Done*
Since 29. January the FreeBSD ports of Tor are up to date.
http://www.freshports.org/security/tor-devel/
http://www.freshports.org/security/tor
Now it's up to the tor operator to update his system.
Re: Tor BSD update ... ... *Done*
Great to hear.
But just to keep things exciting, we put out a new stable and development
release today (0.2.0.34 / 0.2.1.12-alpha), with more security fixes. :)
Hopefully these new fixes will last us for a while yet.