Changes in version 0.2.6.8 - 2015-05-21
Tor 0.2.6.8 fixes a bit of dodgy code in parsing INTRODUCE2 cells, and
fixes an authority-side bug in assigning the HSDir flag. All directory
authorities should upgrade.
o Major bugfixes (hidden services, backport from 0.2.7.1-alpha):
- Revert commit that made directory authorities assign the HSDir
flag to relay without a DirPort; this was bad because such relays
can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix
on tor-0.2.6.3-alpha.
o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha):
- Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
a client authorized hidden service. Fixes bug 15823; bugfix
on 0.2.1.6-alpha.
o Minor features (geoip):
- Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
- Update geoip6 to the April 8 2015 Maxmind GeoLite2
Country database.
Changes in version 0.2.6.7 - 2015-04-06
Tor 0.2.6.7 fixes two security issues that could be used by an
attacker to crash hidden services, or crash clients visiting hidden
services. Hidden services should upgrade as soon as possible; clients
should upgrade whenever packages become available.
This release also contains two simple improvements to make hidden
services a bit less vulnerable to denial-of-service attacks.
o Major bugfixes (security, hidden service):
- Fix an issue that would allow a malicious client to trigger an
assertion failure and halt a hidden service. Fixes bug 15600;
bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
- Fix a bug that could cause a client to crash with an assertion
failure when parsing a malformed hidden service descriptor. Fixes
bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
o Minor features (DoS-resistance, hidden service):
- Introduction points no longer allow multiple INTRODUCE1 cells to
arrive on the same circuit. This should make it more expensive for
attackers to overwhelm hidden services with introductions.
Resolves ticket 15515.
- Decrease the amount of reattempts that a hidden service performs
when its rendezvous circuits fail. This reduces the computational
cost for running a hidden service under heavy load. Resolves
ticket 11447.
Based on maintainer update request via PR 41828.
(remove patch-a{a,b} and make to simplify by me).
Tor 0.2.1.18 lays the foundations for performance improvements, adds
status events to help users diagnose bootstrap problems, adds optional
authentication/authorization for hidden services, fixes a variety of
potential anonymity problems, and includes a huge pile of other features
and bug fixes.
Tor 0.2.1.19 fixes a major bug with accessing and providing hidden
services.
Thanks to athaba, netcap, and tvierling.
Changes in version 0.2.0.30 - 2008-07-15
This new stable release switches to a more efficient directory
distribution design, adds features to make connections to the Tor
network harder to block, allows Tor to act as a DNS proxy, adds separate
rate limiting for relayed traffic to make it easier for clients to
become relays, fix a variety of potential anonymity problems, and
includes the usual huge pile of other features and bug fixes.
o Major bugfixes (crashes):
- If a connection is shut down abruptly because of something that
happened inside connection_flushed_some(), do not call
connection_finished_flushing(). Should fix bug 451:
"connection_stop_writing: Assertion conn->write_event failed"
Bugfix on 0.1.2.7-alpha.
- Fix possible segfaults in functions called from
rend_process_relay_cell().
o Major bugfixes (hidden services):
- Hidden services were choosing introduction points uniquely by
hexdigest, but when constructing the hidden service descriptor
they merely wrote the (potentially ambiguous) nickname.
- Clients now use the v2 intro format for hidden service
connections: they specify their chosen rendezvous point by identity
digest rather than by (potentially ambiguous) nickname. These
changes could speed up hidden service connections dramatically.
o Major bugfixes (other):
- Stop publishing a new server descriptor just because we get a
HUP signal. This led (in a roundabout way) to some servers getting
dropped from the networkstatus lists for a few hours each day.
- When looking for a circuit to cannibalize, consider family as well
as identity. Fixes bug 438. Bugfix on 0.1.0.x (which introduced
circuit cannibalization).
- When a router wasn't listed in a new networkstatus, we were leaving
the flags for that router alone -- meaning it remained Named,
Running, etc -- even though absence from the networkstatus means
that it shouldn't be considered to exist at all anymore. Now we
clear all the flags for routers that fall out of the networkstatus
consensus. Fixes bug 529.
o Minor bugfixes:
- Don't try to access (or alter) the state file when running
--list-fingerprint or --verify-config or --hash-password. Resolves
bug 499.
- When generating information telling us how to extend to a given
router, do not try to include the nickname if it is
absent. Resolves bug 467.
- Fix a user-triggerable segfault in expand_filename(). (There isn't
a way to trigger this remotely.)
- When sending a status event to the controller telling it that an
OR address is readable, set the port correctly. (Previously we
were reporting the dir port.)
- Fix a minor memory leak whenever a controller sends the PROTOCOLINFO
command. Bugfix on 0.1.2.17.
- When loading bandwidth history, do not believe any information in
the future. Fixes bug 434.
- When loading entry guard information, do not believe any information
in the future.
- When we have our clock set far in the future and generate an
onion key, then re-set our clock to be correct, we should not stop
the onion key from getting rotated.
- On some platforms, accept() can return a broken address. Detect
this more quietly, and deal accordingly. Fixes bug 483.
- It's not actually an error to find a non-pending entry in the DNS
cache when canceling a pending resolve. Don't log unless stuff
is fishy. Resolves bug 463.
- Don't reset trusted dir server list when we set a configuration
option. Patch from Robert Hogan.
