[tor-announce] Tor 0.2.7.6 is released

Nick Mathewson nickm at torproject.org
Fri Dec 11 00:44:24 UTC 2015


Hi, all!

(If you are about to reply saying "please take me off this list",
instead please follow the instructions over here to get yourself
removed: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/
.  You will have to enter the actual email address you used to
subscribe.)

Tor version 0.2.7.6 fixes a major bug in entry guard selection, as
well as a minor bug in hidden service reliability. (For Roger's
preliminary analysis of the guard selection bug, see
https://trac.torproject.org/projects/tor/ticket/17772#comment:1 )

You can download the source from the usual place on the website.
Packages should be up in a few days.

Changes in version 0.2.7.6 - 2015-12-10
  Tor version 0.2.7.6 fixes a major bug in entry guard selection, as
  well as a minor bug in hidden service reliability.

  o Major bugfixes (guard selection):
    - Actually look at the Guard flag when selecting a new directory
      guard. When we implemented the directory guard design, we
      accidentally started treating all relays as if they have the Guard
      flag during guard selection, leading to weaker anonymity and worse
      performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered
      by Mohsen Imani.

  o Minor features (geoip):
    - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (compilation):
    - When checking for net/pfvar.h, include netinet/in.h if possible.
      This fixes transparent proxy detection on OpenBSD. Fixes bug
      17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".
    - Fix a compilation warning with Clang 3.6: Do not check the
      presence of an address which can never be NULL. Fixes bug 17781.

  o Minor bugfixes (correctness):
    - When displaying an IPv6 exit policy, include the mask bits
      correctly even when the number is greater than 31. Fixes bug
      16056; bugfix on 0.2.4.7-alpha. Patch from "gturner".
    - The wrong list was used when looking up expired intro points in a
      rend service object, causing what we think could be reachability
      issues for hidden services, and triggering a BUG log. Fixes bug
      16702; bugfix on 0.2.7.2-alpha.
    - Fix undefined behavior in the tor_cert_checksig function. Fixes
      bug 17722; bugfix on 0.2.7.2-alpha.


More information about the tor-announce mailing list