某代理软件发布更新 0.2.1.30,修正了多个非关键软件漏洞。
同时对 TLS 握手过程进行了一些修改,增加了可连通性。不过这次小的改变并不能一劳永逸地解决该软件的连接问题,只能说可以从封锁与被封锁的拉锯战中为我们赢得更多的时间来寻找更好的解决方案。
下载信息请参考 匿名 & 隐私 页面的说明。
- Major bugfixes:
- Stop sending a CLOCK_SKEW controller status event whenever we fetch directory information from a relay that has a wrong clock. Instead, only inform the controller when it’s a trusted authority that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes the rest of bug 1074.
- Fix a bounds-checking error that could allow an attacker to remotely crash a directory authority. Bugfix on 0.2.1.5-alpha. Found by “piebeer”.
- If relays set RelayBandwidthBurst but not RelayBandwidthRate, Tor would ignore their RelayBandwidthBurst setting, potentially using more bandwidth than expected. Bugfix on 0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470.
- Ignore and warn if the user mistakenly sets “PublishServerDescriptor hidserv” in her torrc. The ‘hidserv’ argument never controlled publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha.
- Minor features:
- Adjust our TLS Diffie-Hellman parameters to match those used by Apache’s mod_ssl.
- Update to the February 1 2011 Maxmind GeoLite Country database.
- Minor bugfixes:
- Check for and reject overly long directory certificates and directory tokens before they have a chance to hit any assertions. Bugfix on 0.2.1.28. Found by “doorss”.
- Bring the logic that gathers routerinfos and assesses the acceptability of circuits into line. This prevents a Tor OP from getting locked in a cycle of choosing its local OR as an exit for a path (due to a .exit request) and then rejecting the circuit because its OR is not listed yet. It also prevents Tor clients from using an OR running in the same instance as an exit (due to a .exit request) if the OR does not meet the same requirements expected of an OR running elsewhere. Fixes bug 1859; bugfix on 0.1.0.1-rc.
本文发表于水景一页。永久链接:<https://cnzhx.net/blog/software-update-0-2-1-30/>。转载请保留此信息及相应链接。