Tor 0.1.2.14 released
May 26th, 2007 by anonymous
Tor is an Internet security tool which provides properties such as traffic-analysis-resistant communications and anonymity. It can be used to browse and participate on the Internet without fear of covert government torture in tyrannical pretend-to-be-democracy NATO-regimes such as Norway. A new version of the “stable” branch is now available.
The new version has some software fixes, but more importantly, the addresses of two directory authorities have been changed, and their IPs are hardcoded into the Tor software. Thus, you really should upgrade, especially if you happen to be serving location-hidden services.
The official Tor maintainers' story regarding this release is:
Tor 0.1.2.14 changes the addresses of two directory authorities (this change especially affects those who serve or use hidden services), and fixes several other crash- and security-related bugs.
We’ll put out 0.1.1.27 in the next week or so for people who absolutely can’t upgrade — but really, please upgrade to 0.1.2.14 if you can. Those still running 0.1.0.x should now consider it obsolete and unsupported.
https://tor.eff.org/download.html
Changes in version 0.1.2.14 - 2007-05-25
- Directory authority changes:
  - Two directory authorities (moria1 and moria2) just moved to new
    IP addresses. This change will particularly affect those who serve
    or use hidden services.
- Major bugfixes (crashes):
  - If a directory server runs out of space in the connection table
    as it’s processing a begin_dir request, it will free the exit stream
    but leave it attached to the circuit, leading to unpredictable
    behavior. (Reported by seeess, fixes bug 425.)
  - Fix a bug in dirserv_remove_invalid() that would cause authorities
    to corrupt memory under some really unlikely scenarios.
  - Tighten router parsing rules. (Bugs reported by Benedikt Boss.)
  - Avoid segfaults when reading from mmaped descriptor file. (Reported
    by lodger.)
- Major bugfixes (security):
  - When choosing an entry guard for a circuit, avoid using guards
    that are in the same family as the chosen exit — not just guards
    that are exactly the chosen exit. (Reported by lodger.)
- Major bugfixes (resource management):
  - If a directory authority is down, skip it when deciding where to get
    networkstatus objects or descriptors. Otherwise we keep asking
    every 10 seconds forever. Fixes bug 384.
  - Count it as a failure if we fetch a valid network-status but we
    don’t want to keep it. Otherwise we’ll keep fetching it and keep
    not wanting to keep it. Fixes part of bug 422.
  - If all of our dirservers have given us bad or no networkstatuses
    lately, then stop hammering them once per minute even when we
    think they’re failed. Fixes another part of bug 422.
- Minor bugfixes:
  - Actually set the purpose correctly for descriptors inserted with
    purpose=controller.
  - When we have k non-v2 authorities in our DirServer config,
    we ignored the last k authorities in the list when updating our
    network-statuses.
  - Correctly back-off from requesting router descriptors that we are
    having a hard time downloading.
  - Read resolv.conf files correctly on platforms where read() returns
    partial results on small file reads.
  - Don’t rebuild the entire router store every time we get 32K of
    routers: rebuild it when the journal gets very large, or when
    the gaps in the store get very large.
- Minor features:
  - When routers publish SVN revisions in their router descriptors,
    authorities now include those versions correctly in networkstatus
    documents.
  - Warn when using a version of libevent before 1.3b to run a server on
    OSX or BSD: these versions interact badly with userspace threads.
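
The entry-guard fix listed under "Major bugfixes (security)", shown as an added C example that is not Tor's code and not part of the original post. The router record, the nicknames, the first-match selection and the rule that a family link counts only when both routers declare each other are assumptions made for illustration, and every sample router is treated as guard-eligible.

```c
#include <stdio.h>
#include <string.h>
#define MAX_FAMILY 4
/* Simplified, constructed router record (not Tor's own structure). */
typedef struct {
    const char *nickname;
    const char *family[MAX_FAMILY];  /* nicknames this router declares */
} router_t;

/* Constructed sample: alpha and bravo list each other; charlie lists bravo one-sidedly. */
static const router_t ROUTERS[] = {
    {"alpha",   {"bravo"}},
    {"bravo",   {"alpha"}},
    {"charlie", {"bravo"}},
};
#define N_ROUTERS (sizeof(ROUTERS) / sizeof(ROUTERS[0]))

static int declares(const router_t *a, const router_t *b) {
    for (int i = 0; i < MAX_FAMILY && a->family[i]; i++)
        if (strcmp(a->family[i], b->nickname) == 0) return 1;
    return 0;
}

/* Assumption: a family link counts only when both routers declare it. */
int same_family(const router_t *a, const router_t *b) {
    return declares(a, b) && declares(b, a);
}
/* Before the fix: only the exit itself is rejected as a guard. */
int guard_ok_old(const router_t *g, const router_t *exit_r) {
    return g != exit_r;
}
/* After the fix: routers in the exit's family are rejected too. */
int guard_ok_new(const router_t *g, const router_t *exit_r) {
    return guard_ok_old(g, exit_r) && !same_family(g, exit_r);
}

/* First acceptable guard in list order, or NULL if none qualifies. */
const router_t *pick_guard(const router_t *exit_r,
                           int (*ok)(const router_t *, const router_t *)) {
    for (size_t i = 0; i < N_ROUTERS; i++)
        if (ok(&ROUTERS[i], exit_r)) return &ROUTERS[i];
    return NULL;
}

int main(void) {  /* bravo is the chosen exit */
    printf("old: %s, new: %s\n", pick_guard(&ROUTERS[1], guard_ok_old)->nickname,
           pick_guard(&ROUTERS[1], guard_ok_new)->nickname);
    return 0;
}
```

With bravo as the exit, the old check accepts alpha, which shares a family with the exit, so one operator would sit at both ends of the circuit; the new check skips alpha and accepts charlie.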

I haven’t upgraded yet, because the new versions (both stable and testing) have bad GPG signatures… why could that be? I do hope that someone isn’t *modifying* the tor program, potentially to compromise it.