Skip to content

Tor 0.2.2.37 released

13. Jun 2012

And here is the full change-log for 0.2.2.37

o Major bugfixes:
– Work around a bug in OpenSSL that broke renegotiation with TLS
1.1 and TLS 1.2. Without this workaround, all attempts to speak
the v2 Tor connection protocol when both sides were using OpenSSL
1.0.1 would fail. Resolves ticket 6033.
– When waiting for a client to renegotiate, don’t allow it to add
any bytes to the input buffer. This fixes a potential DoS issue.
Fixes bugs 5934 and 6007; bugfix on 0.2.0.20-rc.
– Fix an edge case where if we fetch or publish a hidden service
descriptor, we might build a 4-hop circuit and then use that circuit
for exiting afterwards — even if the new last hop doesn’t obey our
ExitNodes config option. Fixes bug 5283; bugfix on 0.2.0.10-alpha.

o Minor bugfixes:
– Fix a build warning with Clang 3.1 related to our use of vasprintf.
Fixes bug 5969. Bugfix on 0.2.2.11-alpha.

o Minor features:
– Tell GCC and Clang to check for any errors in format strings passed
to the tor_v*(print|scan)f functions.

The connectivity fix, a workaround for a bug in OpenSSL, is the reason for this rapid release. At least that’s what I guess.

Advertisements

From → General

Comments are closed.