Changelog for tor-0.2.2.35-1.3.i586.rpm :
Thu Dec 22 13:00:00 2011 detlefAATTlinks2linux.de
- new upstream version <0.2.2.35>

Tue Aug 30 14:00:00 2011 detlefAATTlinks2linux.de
- new upstream version <0.2.2.32>

Thu Feb 3 13:00:00 2011 detlefAATTlinks2linux.de
- new upstream version <0.2.1.30>

* Major bugfixes:
- Stop sending a CLOCK_SKEW controller status event whenever
we fetch directory information from a relay that has a wrong clock.
Instead, only inform the controller when it's a trusted authority
that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes
the rest of bug 1074.
- Fix a bounds-checking error that could allow an attacker to
remotely crash a directory authority. Bugfix on 0.2.1.5-alpha.
Found by "piebeer".
- If relays set RelayBandwidthBurst but not RelayBandwidthRate,
Tor would ignore their RelayBandwidthBurst setting,
potentially using more bandwidth than expected. Bugfix on
0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470.
- Ignore and warn if the user mistakenly sets "PublishServerDescriptor
hidserv" in her torrc. The 'hidserv' argument never controlled
publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha.

* Minor features:
- Adjust our TLS Diffie-Hellman parameters to match those used by
Apache's mod_ssl.
- Update to the February 1 2011 Maxmind GeoLite Country database.

* Minor bugfixes:
- Check for and reject overly long directory certificates and
directory tokens before they have a chance to hit any assertions.
Bugfix on 0.2.1.28. Found by "doorss".
- Bring the logic that gathers routerinfos and assesses the
acceptability of circuits into line. This prevents a Tor OP from
getting locked in a cycle of choosing its local OR as an exit for a
path (due to a .exit request) and then rejecting the circuit because
its OR is not listed yet. It also prevents Tor clients from using an
OR running in the same instance as an exit (due to a .exit request)
if the OR does not meet the same requirements expected of an OR
running elsewhere. Fixes bug 1859; bugfix on 0.1.0.1-rc.

Wed Jan 19 13:00:00 2011 detlefAATTlinks2linux.de
- new upstream version <0.2.1.29>

Fri Dec 24 13:00:00 2010 detlefAATTlinks2linux.de
- new upstream version <0.2.1.28>

* Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely
exploitable bugs. We also took this opportunity to change the IP address
for one of our directory authorities, and to update the geoip database
we ship.

* Major bugfixes:
- Fix a remotely exploitable bug that could be used to crash instances
of Tor remotely by overflowing on the heap. Remote-code execution
hasn't been confirmed, but can't be ruled out. Everyone should
upgrade. Bugfix on the 0.1.1 series and later.

* Directory authority changes:
- Change IP address and ports for gabelmoo (v3 directory authority).

* Minor features:
- Update to the December 1 2010 Maxmind GeoLite Country database.

Sat Nov 27 13:00:00 2010 detlefAATTlinks2linux.de
- new upstream version <0.2.1.27>

* Major bugfixes:
- Resolve an incompatibility with OpenSSL 0.9.8p and OpenSSL 1.0.0b:
No longer set the tlsext_host_name extension on server SSL objects;
but continue to set it on client SSL objects. Our goal in setting
it was to imitate a browser, not a vhosting server. Fixes bug 2204;
bugfix on 0.2.1.1-alpha.
- Do not log messages to the controller while shrinking buffer
freelists. Doing so would sometimes make the controller connection
try to allocate a buffer chunk, which would mess up the internals
of the freelist and cause an assertion failure. Fixes bug 1125;
fixed by Robert Ransom. Bugfix on 0.2.0.16-alpha.
- Learn our external IP address when we're a relay or bridge, even if
we set PublishServerDescriptor to 0. Bugfix on 0.2.0.3-alpha,
where we introduced bridge relays that don't need to publish to
be useful. Fixes bug 2050.
- Do even more to reject (and not just ignore) annotations on
router descriptors received anywhere but from the cache. Previously
we would ignore such annotations at first, but cache them to disk
anyway. Bugfix on 0.2.0.8-alpha. Found by piebeer.
- When you're using bridges and your network goes away and your
bridges get marked as down, recover when you attempt a new socks
connection (if the network is back), rather than waiting up to an
hour to try fetching new descriptors for your bridges. Bugfix on
0.2.0.3-alpha; fixes bug 1981.

* Major features:
- Move to the November 2010 Maxmind GeoLite country db (rather
than the June 2009 ip-to-country GeoIP db) for our statistics that
count how many users relays are seeing from each country. Now we'll
have more accurate data, especially for many African countries.

* New directory authorities:
- Set up maatuska (run by Linus Nordberg) as the eighth v3 directory
authority.

* Minor bugfixes:
- Fix an assertion failure that could occur in directory caches or
bridge users when using a very short voting interval on a testing
network. Diagnosed by Robert Hogan. Fixes bug 1141; bugfix on
0.2.0.8-alpha.
- Enforce multiplicity rules when parsing annotations. Bugfix on
0.2.0.8-alpha. Found by piebeer.
- Allow handshaking OR connections to take a full KeepalivePeriod
seconds to handshake. Previously, we would close them after
IDLE_OR_CONN_TIMEOUT (180) seconds, the same timeout as if they
were open. Bugfix on 0.2.1.26; fixes bug 1840. Thanks to mingw-san
for analysis help.
- When building with --enable-gcc-warnings on OpenBSD, disable
warnings in system headers. This makes --enable-gcc-warnings
pass on OpenBSD 4.8.

* Minor features:
- Exit nodes didn't recognize EHOSTUNREACH as a plausible error code,
and so sent back END_STREAM_REASON_MISC. Clients now recognize a new
stream ending reason for this case: END_STREAM_REASON_NOROUTE.
Servers can start sending this code when enough clients recognize
it. Bugfix on 0.1.0.1-rc; fixes part of bug 1793.
- Build correctly on mingw with more recent versions of OpenSSL 0.9.8.
Patch from mingw-san.

* Removed files:
- Remove the old debian/ directory from the main Tor distribution.
The official Tor-for-debian git repository lives at the URL
https://git.torproject.org/debian/tor.git
- Stop shipping the old doc/website/ directory in the tarball. We
changed the website format in late 2010, and what we shipped in
0.2.1.26 really wasn't that useful anyway.

Mon May 3 14:00:00 2010 detlefAATTlinks2linux.de
- new upstream version <0.2.1.26>

* Major bugfixes:
- Teach relays to defend themselves from connection overload. Relays
now close idle circuits early if it looks like they were intended
for directory fetches. Relays are also more aggressive about closing
TLS connections that have no circuits on them. Such circuits are
unlikely to be re-used, and tens of thousands of them were piling
up at the fast relays, causing the relays to run out of sockets
and memory. Bugfix on 0.2.0.22-rc (where clients started tunneling
their directory fetches over TLS).
- Fix SSL renegotiation behavior on OpenSSL versions like on Centos
that claim to be earlier than 0.9.8m, but which have in reality
backported huge swaths of 0.9.8m or 0.9.8n renegotiation
behavior. Possible fix for some cases of bug 1346.
- Directory mirrors were fetching relay descriptors only from v2
directory authorities, rather than v3 authorities like they should.
Only 2 v2 authorities remain (compared to 7 v3 authorities), leading
to a serious bottleneck. Bugfix on 0.2.0.9-alpha. Fixes bug 1324.

* Minor bugfixes:
- Finally get rid of the deprecated and now harmful notion of "clique
mode", where directory authorities maintain TLS connections to
every other relay.

* Testsuite fixes:
- In the util/threads test, no longer free the test_mutex before all
worker threads have finished. Bugfix on 0.2.1.6-alpha.
- The master thread could starve the worker threads quite badly on
certain systems, causing them to run only partially in the allowed
window. This resulted in test failures. Now the master thread sleeps
occasionally for a few microseconds while the two worker-threads
compete for the mutex. Bugfix on 0.2.0.1-alpha.

Fri Mar 19 13:00:00 2010 detlefAATTlinks2linux.de
- new upstream version <0.2.1.25>

* Tor 0.2.1.25 fixes a regression introduced in 0.2.1.23 that could
prevent relays from guessing their IP address correctly. It also fixes
several minor potential security bugs.

* Major bugfixes:
- Fix a regression from our patch for bug 1244 that caused relays
to guess their IP address incorrectly if they didn't set Address
in their torrc and/or their address fails to resolve. Bugfix on
0.2.1.23; fixes bug 1269.
- When freeing a session key, zero it out completely. We only zeroed
the first ptrsize bytes. Bugfix on 0.0.2pre8. Discovered and
patched by ekir. Fixes bug 1254.

* Minor bugfixes:
- Fix a dereference-then-NULL-check sequence when publishing
descriptors. Bugfix on 0.2.1.5-alpha. Discovered by ekir; fixes
bug 1255.
- Fix another dereference-then-NULL-check sequence. Bugfix on
0.2.1.14-rc. Discovered by ekir; fixes bug 1256.
- Make sure we treat potentially not NUL-terminated strings correctly.
Bugfix on 0.1.1.13-alpha. Discovered by rieo; fixes bug 1257.

Thu Feb 25 13:00:00 2010 detlefAATTlinks2linux.de
- new upstream version <0.2.1.24>

* TLS Bug fixed :)

* Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time
for sure!

* Minor bugfixes:
- Work correctly out-of-the-box with even more vendor-patched versions
of OpenSSL. In particular, make it so Debian and OS X don't need
customized patches to run/build.

Mon Feb 15 13:00:00 2010 detlefAATTlinks2linux.de
- new upstream version <0.2.1.23>

* Major bugfixes (performance):
- We were selecting our guards uniformly at random, and then weighting
which of our guards we'd use uniformly at random. This imbalance
meant that Tor clients were severely limited on throughput (and
probably latency too) by the first hop in their circuit. Now we
select guards weighted by currently advertised bandwidth. We also
automatically discard guards picked using the old algorithm. Fixes
bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry.

* Major bugfixes:
- Make Tor work again on the latest OS X: when deciding whether to
use strange flags to turn TLS renegotiation on, detect the OpenSSL
version at run-time, not compile time. We need to do this because
Apple doesn't update its dev-tools headers when it updates its
libraries in a security patch.
- Fix a potential buffer overflow in lookup_last_hid_serv_request()
that could happen on 32-bit platforms with 64-bit time_t. Also fix
a memory leak when requesting a hidden service descriptor we've
requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found
by aakova.

* Directory authority changes:
- Change IP address for dannenberg (v3 directory authority), and
remove moria2 (obsolete v1, v2 directory authority and v0 hidden
service directory authority) from the list.

* Minor bugfixes:
- Refactor resolve_my_address() to not use gethostbyname() anymore.
Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik.

* Minor features:
- Avoid a mad rush at the beginning of each month when each client
rotates half of its guards. Instead we spread the rotation out
throughout the month, but we still avoid leaving a precise timestamp
in the state file about when we first picked the guard. Improves
over the behavior introduced in 0.1.2.17.

Fri Feb 12 13:00:00 2010 detlefAATTlinks2linux.de
- rebuild with new openssl (openSUSE_Update)

Mon Jan 25 13:00:00 2010 detlefAATTlinks2linux.de
- new upstream version <0.2.1.22>

* Tor 0.2.1.22 fixes a critical privacy problem in bridge directory
authorities -- it would tell you its whole history of bridge descriptors
if you make the right directory request. This stable update also
rotates two of the seven v3 directory authority keys and locations.

* Directory authority changes:
- Rotate keys (both v3 identity and relay identity) for moria1
and gabelmoo.

* Major bugfixes:
- Stop bridge directory authorities from answering dbg-stability.txt
directory queries, which would let people fetch a list of all
bridge identities they track. Bugfix on 0.2.1.6-alpha.

Sat Dec 26 13:00:00 2009 detlefAATTlinks2linux.de
- fix logrotate conf

Fri Dec 25 13:00:00 2009 detlefAATTlinks2linux.de
- new upstream version <0.2.1.21>

* Major bugfixes:
- Work around a security feature in OpenSSL 0.9.8l that prevents our
handshake from working unless we explicitly tell OpenSSL that we
are using SSL renegotiation safely. We are, of course, but OpenSSL
0.9.8l won't work unless we say we are.
- Avoid crashing if the client is trying to upload many bytes and the
circuit gets torn down at the same time, or if the flip side
happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.

* Minor bugfixes:
- Do not refuse to learn about authority certs and v2 networkstatus
documents that are older than the latest consensus. This bug might
have degraded client bootstrapping. Bugfix on 0.2.0.10-alpha.
Spotted and fixed by xmux.
- Fix a couple of very-hard-to-trigger memory leaks, and one hard-to-
trigger platform-specific option misparsing case found by Coverity
Scan.
- Fix a compilation warning on Fedora 12 by removing an impossible-to-
trigger assert. Fixes bug 1173.

Sat Dec 19 13:00:00 2009 detlefAATTlinks2linux.de
- add patch for openssl

Tue Nov 3 13:00:00 2009 detlefAATTlinks2linux.de
- new upstream version <0.2.1.20>

Sat Jul 18 14:00:00 2009 detlefAATTlinks2linux.de
- new upstream version <0.2.0.35>

* Avoid crashing in the presence of certain malformed descriptors.
Found by lark, and by automated fuzzing.

* Fix an edge case where a malicious exit relay could convince a
controller that the client's DNS question resolves to an internal IP
address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.

* Finally fix the bug where dynamic-IP relays disappear when their
IP address changes: directory mirrors were mistakenly telling
them their old address if they asked via begin_dir, so they
never got an accurate answer about their new address, so they
just vanished after a day. For belt-and-suspenders, relays that
don't set Address in their config now avoid using begin_dir for
all direct connections. Should fix bugs 827, 883, and 900.

* Fix a timing-dependent, allocator-dependent, DNS-related crash bug
that would occur on some exit nodes when DNS failures and timeouts
occurred in certain patterns. Fix for bug 957.

* When starting with a cache over a few days old, do not leak
memory for the obsolete router descriptors in it. Bugfix on
0.2.0.33; fixes bug 672.

* Hidden service clients didn't use a cached service descriptor that
was older than 15 minutes, but wouldn't fetch a new one either,
because there was already one in the cache. Now, fetch a v2
descriptor unless the same descriptor was added to the cache within
the last 15 minutes. Fixes bug 997; reported by Marcus Griep.


 