This version of Tor (0.2.3.20-rc) is newer than any recommended version, according to the directory authorities.
On Tue, Aug 7, 2012, at 10:51 PM, Roger Dingledine wrote: > Tor 0.2.3.20-rc is the third release candidate for the Tor 0.2.3.x > series. It fixes a pair of code security bugs and a potential anonymity > issue, updates our RPM spec files, and cleans up other smaller issues. > > https://www.torproject.org/download/download > > (Packages coming eventually.) > > Changes in version 0.2.3.20-rc - 2012-08-05 > o Security fixes: > - Avoid read-from-freed-memory and double-free bugs that could occur > when a DNS request fails while launching it. Fixes bug 6480; > bugfix on 0.2.0.1-alpha. > - Avoid an uninitialized memory read when reading a vote or consensus > document that has an unrecognized flavor name. This read could > lead to a remote crash bug. Fixes bug 6530; bugfix on > 0.2.2.6-alpha. > - Try to leak less information about what relays a client is > choosing to a side-channel attacker. Previously, a Tor client would > stop iterating through the list of available relays as soon as it > had chosen one, thus finishing a little earlier when it picked > a router earlier in the list. If an attacker can recover this > timing information (nontrivial but not proven to be impossible), > they could learn some coarse-grained information about which relays > a client was picking (middle nodes in particular are likelier to > be affected than exits). The timing attack might be mitigated by > other factors (see bug 6537 for some discussion), but it's best > not to take chances. Fixes bug 6537; bugfix on 0.0.8rc1. > > o Minor features: > - Try to make the warning when giving an obsolete SOCKSListenAddress > a little more useful. > - Terminate active server managed proxies if Tor stops being a > relay. Addresses parts of bug 6274; bugfix on 0.2.3.6-alpha. > - Provide a better error message about possible OSX Asciidoc failure > reasons. Fixes bug 6436. > - Warn when Tor is configured to use accounting in a way that can > link a hidden service to some other hidden service or public > address. Resolves ticket 6490. > > o Minor bugfixes: > - Check return value of fputs() when writing authority certificate > file. Fixes Coverity issue 709056; bugfix on 0.2.0.1-alpha. > - Ignore ServerTransportPlugin lines when Tor is not configured as > a relay. Fixes bug 6274; bugfix on 0.2.3.6-alpha. > - When disabling guards for having too high a proportion of failed > circuits, make sure to look at each guard. Fixes bug 6397; bugfix > on 0.2.3.17-beta. > > o Packaging (RPM): > - Update our default RPM spec files to work with mock and rpmbuild > on RHEL/Fedora. They have an updated set of dependencies and > conflicts, a fix for an ancient typo when creating the "_tor" > user, and better instructions. Thanks to Ondrej Mikle for the > patch series. Fixes bug 6043. > > o Testing: > - Make it possible to set the TestingTorNetwork configuration > option using AlternateDirAuthority and AlternateBridgeAuthority > as an alternative to setting DirServer. Addresses ticket 6377. > > o Documentation: > - Clarify the documentation for the Alternate*Authority options. > Fixes bug 6387. > - Fix some typos in the manpages. Patch from A. Costa. Fixes bug > 6500. > > o Code simplification and refactoring: > - Do not use SMARTLIST_FOREACH for any loop whose body exceeds > 10 lines. Also, don't nest them. Doing so in the past has > led to hard-to-debug code. The new style is to use the > SMARTLIST_FOREACH_{BEGIN,END} pair. Addresses issue 6400. > > _______________________________________________ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > Email had 1 attachment: > + signature.asc > 1k (application/pgp-signature) -- http://www.fastmail.fm - IMAP accessible web-mail _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
