[tor-talk] Tor 0.2.4.20 is released
arma at mit.edu
Mon Dec 23 07:21:35 UTC 2013
Tor 0.2.4.20 fixes potentially poor random number generation for users
who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their
torrc file, 3) have "Sandy Bridge" or "Ivy Bridge" Intel processors,
and 4) have no state file in their DataDirectory (as would happen on
first start). Users who generated relay or hidden service identity
keys in such a situation should discard them and generate new ones.
This release also fixes a logic error that caused Tor clients to build
many more preemptive circuits than they actually need.
Packages coming soon, including a new TBB 3.5.1 with some other fixes,
at which point I'll announce on the tor-announce list too.
Changes in version 0.2.4.20 - 2013-12-22
o Major bugfixes:
- Do not allow OpenSSL engines to replace the PRNG, even when
HardwareAccel is set. The only default builtin PRNG engine uses
the Intel RDRAND instruction to replace the entire PRNG, and
ignores all attempts to seed it with more entropy. That's
cryptographically stupid: the right response to a new alleged
entropy source is never to discard all previously used entropy
sources. Fixes bug 10402; works around behavior introduced in
OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
- Fix assertion failure when AutomapHostsOnResolve yields an IPv6
address. Fixes bug 10465; bugfix on 0.2.4.7-alpha.
- Avoid launching spurious extra circuits when a stream is pending.
This fixes a bug where any circuit that _wasn't_ unusable for new
streams would be treated as if it were, causing extra circuits to
be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha.
o Minor bugfixes:
- Avoid a crash bug when starting with a corrupted microdescriptor
cache file. Fixes bug 10406; bugfix on 0.2.2.6-alpha.
- If we fail to dump a previously cached microdescriptor to disk,
avoid freeing duplicate data later on. Fixes bug 10423; bugfix on
0.2.4.13-alpha. Spotted by "bobnomnom".
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 190 bytes
Desc: Digital signature
More information about the tor-talk