Tor 0.2.8.2-alpha 发布了。
Tor 是一个帮助你抵御流量分析的软件项目, 流量分析是一种对网络的监视行为。Tor 将你的通信通过一个由遍及全球的志愿者运行的中继(relay)所组成的分布式网络转发, 以此来保护你的安全:它令监视你的 Internet 连接的那些人无法知道你所访问的站点, 它还令你所访问的站点无法知道你的物理位置。Tor 能与现有的许多应用程序配合工作, 包括 Web 浏览器、即时通讯客户端、远程登录和基于 TCP 协议的其他应用程序。
主要改进记录如下:
New system requirements:
Tor no longer supports versions of OpenSSL with a broken implementation of counter mode. (This bug was present in OpenSSL 1.0.0, and was fixed in OpenSSL 1.0.0a.) Tor still detects, but no longer runs with, these versions.
Tor no longer attempts to support platforms where the "time_t" type is unsigned. (To the best of our knowledge, only OpenVMS does this, and Tor has never actually built on OpenVMS.) Closes ticket 18184.
Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or later (released in 2008 and 2009 respectively). If you are building Tor from the git repository instead of from the source distribution, and your tools are older than this, you will need to upgrade. Closes ticket 17732.
Major bugfixes (security, pointers):
Avoid a difficult-to-trigger heap corruption attack when extending a smartlist to contain over 16GB of pointers. Fixes bug 18162; bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely. Reported by Guido Vranken.
Major bugfixes (bridges, pluggable transports):
Modify the check for OR connections to private addresses. Allow bridges on private addresses, including pluggable transports that ignore the (potentially private) address in the bridge line. Fixes bug 18517; bugfix on 0.2.8.1-alpha. Reported by gk, patch by teor.
Major bugfixes (compilation):
Repair hardened builds under the clang compiler. Previously, our use of _FORTIFY_SOURCE would conflict with clang's address sanitizer. Fixes bug 14821; bugfix on 0.2.5.4-alpha.
Major bugfixes (crash on shutdown):
Correctly handle detaching circuits from muxes when shutting down. Fixes bug 18116; bugfix on 0.2.8.1-alpha.
Fix an assert-on-exit bug related to counting memory usage in rephist.c. Fixes bug 18651; bugfix on 0.2.8.1-alpha.