Tor is out

Orionjur Tor-admin tor-admin at
Sun Jan 30 08:06:51 UTC 2011

Roger Dingledine wrote:
> Tor fixes a few more less-critical security issues. The
> main other change is a slight tweak to Tor's TLS handshake that makes
> relays and bridges that run this new version reachable from Iran again.
> We don't expect this tweak will win the arms race long-term, but it will
> buy us a bit more time until we roll out a better solution.
> Anybody running a relay or bridge who wants it to work for Iran should
> upgrade.
> Changes in version - 2011-01-25
>   o Major bugfixes:
>     - Fix a bounds-checking error that could allow an attacker to
>       remotely crash a directory authority. Bugfix on
>       Found by "piebeer".
>     - Don't assert when changing from bridge to relay or vice versa
>       via the controller. The assert happened because we didn't properly
>       initialize our keys in this case. Bugfix on; fixes
>       bug 2433. Reported by bastik.
>   o Minor features:
>     - Adjust our TLS Diffie-Hellman parameters to match those used by
>       Apache's mod_ssl.
>     - Provide a log message stating which geoip file we're parsing
>       instead of just stating that we're parsing the geoip file.
>       Implements ticket 2432.
>   o Minor bugfixes:
>     - Check for and reject overly long directory certificates and
>       directory tokens before they have a chance to hit any assertions.
>       Bugfix on / Found by "doorss".

I installed it in the morning of yesterday or in the morning of the day
before yesteray on my debian exit node.
How can I do it before this release?

To unsubscribe, send an e-mail to majordomo at with
unsubscribe or-talk    in the body.

More information about the tor-talk mailing list