Tor 0.2.1.16-rc is out
arma at mit.edu
Tue Jun 23 21:52:51 UTC 2009
Tor 0.2.1.16-rc speeds up performance for fast exit relays, and fixes
a bunch of minor bugs.
Changes in version 0.2.1.16-rc - 2009-06-20
o Security fixes:
- Fix an edge case where a malicious exit relay could convince a
controller that the client's DNS question resolves to an internal IP
address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
o Major performance improvements (on 0.2.0.x):
- Disable and refactor some debugging checks that forced a linear scan
over the whole server-side DNS cache. These accounted for over 50%
of CPU time on a relatively busy exit node's gprof profile. Found
- Disable some debugging checks that appeared in exit node profile
o Minor features:
- Update to the "June 3 2009" ip-to-country file.
- Do not have tor-resolve automatically refuse all .onion addresses;
if AutomapHostsOnResolve is set in your torrc, this will work fine.
o Minor bugfixes (on 0.2.0.x):
- Log correct error messages for DNS-related network errors on
- Fix a race condition that could cause crashes or memory corruption
when running as a server with a controller listening for log
- Avoid crashing when we have a policy specified in a DirPolicy or
SocksPolicy or ReachableAddresses option with ports set on it,
and we re-load the policy. May fix bug 996.
- Hidden service clients didn't use a cached service descriptor that
was older than 15 minutes, but wouldn't fetch a new one either,
because there was already one in the cache. Now, fetch a v2
descriptor unless the same descriptor was added to the cache within
the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
o Minor bugfixes (on 0.2.1.x):
- Don't warn users about low port and hibernation mix when they
provide a *ListenAddress directive to fix that. Bugfix on
- When switching back and forth between bridge mode, do not start
gathering GeoIP data until two hours have passed.
- Do not complain that the user has requested an excluded node as
an exit when the node is not really an exit. This could happen
because the circuit was for testing, or an introduction point.
Fix for bug 984.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
More information about the tor-talk